Wireless Network Basics

If you’re planning to build a wireless network, or even if you already have one, be aware that your security requirements are different than if you’re on a traditional wired network. This is because wireless networks, by their very nature, are more insecure than their wired counterparts. Other wireless users, particularly those within 1,000 feet of your network, may potentially be able to connect to your network, even if these users don’t have any right to be there. Apart from your firewall, there are other components that you need to set up to make your wireless network more secure. This article will guide you in setting up your security for your wireless network.

The first thing to do is to set up security on your wireless access point. Security protocols available for wireless networks include wireless encryption protocol (WEP) and the newer Wi-Fi Protected Access (WPA 1 & 2 ) protocols. WEP has been shown to be weak and easily broken, and is no longer recommended for use in wireless LANs. To ensure security of your wireless LAN, use WPA instead. WPA, properly implemented, ensures that only valid users within your network are allowed access, and that all data transmitted between the various PCs on your network are encrypted.

Next, disable the built-in DHCP on your router. Don’t let the DHCP server serve up dynamic IP addresses. Instead, configure a static IP address for each PC on your network. This might seem trivial, considering the next tip, but this adds another layer of security to your configuration.

Third, you should filter access to your network through the MAC address of the network cards on your PCs. Don’t filter access through the IP addresses of your PCs as these are easy to spoof, particularly if your router’s built-in DHCP server is set to provide dynamic IP addresses to your PCs (see previous tip). Again, your router should allow you to filter access through your hardware’s MAC addresses.

Lastly, again on the router, disable the broadcast of the network identifier or SSID of your network. This is to ensure that no other PCs, except those you’ve specifically set up to connect to your network, can connect to your wireless LAN.

The above steps will require manual configuration of the PCs connected to your network. However, since they’re going to make your network more secure, this is a small trade-off compared to having someone that isn’t authorized running loose on your network. Your data is more important, I’m sure.

Also, be aware that WPA passphrases that are less than 20 characters in length and uses dictionary words are susceptible to cracking (see here). So, make sure to use strong passwords on a wireless network.

In subsequent articles, I’ll guide you through setting up WPA on your networks.

Posted in Categories: Hardware ~ No Tags ~ Trackback

Related Posts: No related posts