Part III: Securing Your Wireless Network

Wireless networks are wonderfully convenient but, as we've seen, they're also vulnerable to being hacked. Here's how to make it hard for hackers!

Essential Measures

1. Use a proper password
What makes a good password? Anything that's not in a dictionary for a start! If you want to use something memorable, think passphrases rather than passwords. "2 bee 0r NoT two-B" is vastly more secure than "To be or not to be", but for real security you can't beat long strings of properly randomised junk. How about

bT6i3W429TQRxnefaD1xtZc3b6kgit2eMbk52S0ndK1Km5upS2AI9iakyTZIvqt

or

<CL$8L=noSj+^1)5<4LTaB7#R%PHH2-204V^_fj.@t:%kpsO0p,vJOS8<-qEOm^

Now they're what I call passwords! Both come from Steve Gibson's Perfect Passwords generator. You don't have to use the whole string. Just the first 10-12 characters would do. If you do use the whole string, you'll need to save it on a USB stick which makes it a little less convenience, but no one's ever likely to crack your network.


2. Change the default password
Don't let a hacker reconfigure your hardware! Your wireless router will come with a default password. Change it! There are plenty of lists around (like this one) containing default logins and passwords.


3. Enable encryption
Without encryption, anyone can capture your wireless traffic! Use WPA2 in preference to WPA. Don't ever use WEP, it can be cracked in minutes.


4. Update your firmware
Things change, new vulnerabilities are discovered daily. Check your router's running the latest firmware update.


5. Use HTTPS for management
If you manage your router wirelessly, do so via (encrypted) HTTPS rather than regular HTTP. With the latter, your router's login name and password will be broadcast in clear text.

Useful Measures

6. Disable SSID
Disabling the SSID (Service Set Identifier) will essentially hide your network from casual passers-by. Experienced hackers will still easily detect it, but it requires a little extra work and suggests its owner has a little extra savvy, so they may go for an easier target.


7. Turn on logging
Router logs are often disabled by default. Turn them on. Some routers will even email you of suspicious activity. Invaluable!


8. Switch it off!
If you're going away for a while, turn off your router -- or at least the switch off Wi-Fi. If it ain't broadcasting, it can't be hacked!

Not So Useful Stuff

9. Filter MAC addresses
Every piece of networked equipment has a unique Media Access Control (MAC) address, and at first it would seem to be a good idea to only allow access to particular devices. But the internal tables are a pain to maintain -- you'll have to determine and add the MAC address of every new piece of equipment you connect -- and they're trivially easy to spoof anyway, so Not So Useful.


10. Disable DHCP
Again, I put this in the Not So Useful category merely because it's a pain to maintain. With
Dynamic Host Control Protocol (DHCP) enabled, new devices are automatically assigned IP addresses. With it disabled, they have to be assigned manually. For most casual users that's just a hassle.