Corporations, government agencies, the military, and enterprises (in fact, all medium-to-large-scale wireless LANs) have a different set of security requirements from the wireless LAN used in your home or in small offices. Enterprise wireless security requires advanced mutual authentication and strong encryption solutions. But what is needed to properly secure a home or small office wireless network? Below is a list of ten simple steps the average SOHO user can take to secure their own wireless networks.
AirSpy Networks' David Coleman, a wireless LAN consultant and CWNP Program Trainer, compiled the following wireless LAN SOHO security checklist to assist you in securing your network.
1. No Default Settings
2. Cell Sizing
3. SSID Naming
4. Cloaking
5. MAC Filters
6. Encryption
7. Static IP
8. Common Security Practices
9. Document Your Settings
10. Turn it off
-----
1. No Default Settings
The first and biggest mistake that most users of home and small office wireless networks make is that they just power up the box and leave all the default configuration settings enabled on the home wireless gateway device. The two most obvious default settings are the SSID and the administrator login name/password. The SSID (Service Set Identifier) is the "name" of your wireless network, comparable to a Windows workgroup name.
For example, Linksys, the SOHO WiFi market leader, uses an SSID of "linksys". Another leading vendor, D-Link, uses the SSID of "default". A simple Google search will generate links to numerous sites that have compiled lists of all the default settings for the products of many wireless vendors. Anyone can also simply download the PDF manual with the same information from the vendor's web site.
Amateur hackers, wardrivers, and script kiddies will always target the wide open wireless systems first. Using the vendor's default settings is analogous to leaving the front door of your house always open. A conservative estimate of SOHO users that do not change the default settings is about 70%. So do not use the default settings. Pick a different SSID. Change the device's administrator login name and change the admin login password. Also, if the device allows you, change the default IP address.
2. Cell Sizing
SOHO wireless access points and wireless gateways/routers extend the network into the "air". Every device uses a 2.4 GHz and/or 5 GHz radio card to transmit and receive the data. Despite low power, radio waves travel at the speed of light and can penetrate most construction materials. It is not uncommon that a very strong and usable signal can still be received from the street outside your home or small business. Other than putting a chain link fence completely covering your home, there is no way to completely contain an RF signal.
However, today many SOHO WiFi manufacturers give you the ability to adjust the power settings of your wireless gateway. Lower power settings mean shorter range. If your vendor provides the option, lower your power settings so that your neighbor three houses down is not using your wireless network. But still make sure your power settings are enough to properly provide signal coverage for your mobility needs. Some vendors have a setting called "adjust antenna transmit power". In reality you are not adjusting the antenna but are in fact lowering the transmit power of the radio card. If your wireless router does not have the ability to adjust the power settings, physically locate the unit in the center of the house and away from the windows.
3. SSID Naming
Do not use a network name (SSID) that can clearly identify you. Do not use a family surname, your street address, or your dog's name. Choose a network name with no meaning, something such as Rhj18YT89. Please be aware that SSIDs are case sensitive and must match on both the wireless gateway and on the software client utilities of your computers using wireless cards.
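Checklist items 1 and 3 can be checked mechanically. The Python sketch below is an added example, not part of the original checklist: the settings dictionary layout, the function names and all sample values are assumptions constructed for illustration, and only the two default SSIDs come from the text above.

```python
import re

# Factory SSIDs the article names (Linksys, D-Link); extend from your vendor's manual.
KNOWN_DEFAULT_SSIDS = {"linksys", "default"}

def _norm(text):
    """Lowercase and drop spaces/punctuation so 'Oak-St 12' compares as 'oakst12'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def audit_gateway(config, factory, personal_terms, client_ssids):
    """Return (check_id, subject) findings for checklist items 1 and 3.
    config/factory: dicts keyed ssid, admin_user, admin_password, lan_ip (hypothetical
    schema). client_ssids: {client name: SSID typed into that client's utility}."""
    findings, ssid = [], config["ssid"]
    # Item 1: no setting may still hold its factory value.
    if ssid.lower() in KNOWN_DEFAULT_SSIDS or ssid == factory["ssid"]:
        findings.append(("default_ssid", ssid))
    for key in ("admin_user", "admin_password", "lan_ip"):
        if config[key] == factory[key]:
            findings.append(("default_" + key, key))
    # Item 3: the SSID must not identify the owner (surname, street, pet name).
    flat = _norm(ssid)
    for term in personal_terms:
        if _norm(term) and _norm(term) in flat:
            findings.append(("identifying_ssid", term))
    # Item 3: SSIDs are case sensitive, so client profiles must match exactly.
    for client, wanted in sorted(client_ssids.items()):
        if wanted != ssid:
            same_letters = wanted.lower() == ssid.lower()
            findings.append(("case_mismatch" if same_letters else "ssid_mismatch", client))
    return findings

# Constructed sample values, not taken from any real device or household.
FACTORY = {"ssid": "linksys", "admin_user": "admin",
           "admin_password": "admin", "lan_ip": "192.168.1.1"}
WEAK = {"ssid": "Smith-Home", "admin_user": "admin",
        "admin_password": "changed-by-owner", "lan_ip": "192.168.1.1"}
GOOD = {"ssid": "Rhj18YT89", "admin_user": "netowner",
        "admin_password": "changed-by-owner", "lan_ip": "10.27.3.1"}
TERMS = ["Smith", "12 Oak St", "Rex"]

if __name__ == "__main__":
    for finding in audit_gateway(WEAK, FACTORY, TERMS, {"laptop": "smith-home"}):
        print(finding)
```

Very short personal terms can match by coincidence inside a random-looking SSID, so treat an identifying_ssid finding as a prompt to look rather than a verdict.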
4. Cloaking
Remember in Star Trek when the Enterprise was "cloaked" but somehow the Klingons found the ship anyway? Well, there is a way to "cloak" your wireless network. Your SOHO wireless device should have a setting called "Closed Network" or "Broadcast SSID". By either enabling a closed network or disabling the broadcast SSID feature, you can hide or cloak your network. The SSID (network name) is transmitted in the air by your device in a broadcast called a "Beacon".