From the Kenosha News on 9-24-06

Make your home wireless network more secure

Last week’s column discussed some of the dangers of using wireless or wired networks. This week is specifically targeted at people with a wireless network at home. (If you’re thinking of setting up a home wireless network, check out my columns from May 2005 at www.sabbarpublications.com/newsarchive.html.)

If you simply buy a wireless router and set it up without changing anything, you leave it open to the following perils:
1. People using your wireless connection (for free), which will slow down your on-line activity and open you up to the other risks.
2. Someone “sniffing” your packets, as explained last week.
3. A person accessing data on your computer if you have sharing turned on.
4. Someone changing the settings on your wireless gear so that you can’t access it.

Changing the settings on your wireless router is not particularly difficult and is definitely worth the effort. Each brand of wireless router has its own interface, so I can’t provide click-by-click instructions. Below are the major points; consult your router’s manual or web site for specifics.

The first time you login to your wireless router, you’ll use the login and password that are specified in the router’s manual. Make sure that you change the password to something you can remember but something that people cannot easily guess. You might even write the password on the router itself since you’re only guarding it from people OUTSIDE of your home. If you keep the default password, anyone can login to it and make changes, including changing the password so you can’t fix it!

One of the simplest things you can do is to change the SSID that your wireless router uses. If you have a Linksys router, its SSID is “linksys” by default. Change it to something unique. You can also set the router so that the SSID does not broadcast. This means that when you or anyone else clicks “view available wireless networks”, your wireless will NOT show up on the list. Instead, only computers pre-configured with your unique SSID will be able to connect to it. This “security by obscurity” helps with item #1, above.

Another security option is to create a list of specific MAC addresses (unique Ethernet addresses) that are allowed to connect to your wireless router. To do this, you will need to find out the Ethernet address of any computer you want to use your wireless. (This can be done by typing IPCONFIG /ALL at a DOS prompt in Windows XP. Look for “Physical address”; it is 12 characters long.) Whenever you get a new computer, you’ll need to add its number to the list. Enter the addresses into the appropriate configuration screen in your wireless router.

The final option is to turn on an encryption scheme, such as WEP, that requires a password. While WEP encryption has been compromised before, it’s more secure than no encryption, and it’s the only scheme built-in to the average Windows XP computer. If you set this up, make sure you have a way to connect to your router through a wired connection; once you make the change, you will lock out any existing wireless computers until their connections are configured to use WEP.

By Carol Sabbar from the Kenosha News on 9-24-06