There is more than one type of burglary that can affect a home. The one we are most used to usually involves kicking in the door; the less familiar one involves compromising a computer. And if the intruder in this scenario has compromised a wireless network, users might as well have given them a key to the front door, says Doros Hadjizenonos, sales manager at Check Point South Africa.
Just as home wireless networks can offer users the freedom to access online data untethered to a physical connection, if improperly configured, that same wireless local area network (WLAN) gives that freedom to an attacker.
Fortunately, there are a number of steps users can take to make sure a wireless connection is as secure as possible:
* Avoid default passwords – setting up a router and leaving the default password of the administrator account in place is what in technical terms we call a very, very bad idea. The guest account default settings should be changed as well assuming that has been enabled. Once that is taken care of, the next step is to come up with a strong password to replace the one just removed.
Much has been written about the importance of developing complex passwords in the past. If you need a few tips, start by making sure that users mix letters and numbers into the password so that the password itself is not an actual word. Stay away from birthdays, names, or anything that could be easily guessable by anyone who can get basic information online.
* Consider changing the default SSID name – the service set identifier (SSID) is the public name of a wireless network. Many times, manufacturers will use the same SSIDs for all their products.
Though this does not directly impact the security of a network, if an attacker identifies a default SSID, they may be encouraged to try to attack it under the assumption that the network may also use a default password and be insecurely configured.
While some argue for hiding SSIDs altogether, in truth this has little effect on security. The SSID is not a network password after all, and there are a number of tools hackers can use to discover it.
* Protecting access points with encryption – encryption is a must for protecting a wireless network. The best answer for encryption needs is WPA2 (WiFi Protected Access 2), which is stronger than its predecessor – WPA – as well as WEP (Wired Equivalent Privacy), which preceded WPA and has been found to be riddled with security holes.
Unlike other versions, WPA2 mandates the use of AES (Advanced Encryption Standard) algorithms for security. Though WPA2 is not supported by some older wireless cards and access points, try to go with the most secure option available whenever possible.
* Enable the MAC address filtering feature – a media access control (MAC) address is a unique hardware identifier for a computer. By enabling MAC filtering, you can exercise more control over who can connect to a network by setting up a list of clients that will be allowed to join.
Once it’s enabled, the router/access point will check the MAC address of any client that sends a request to join the network against that list. Those that are not on the list cannot join. This is not a solution for keeping an attacker off a network, as MAC addresses can be faked, so be sure to take other security precautions as well.
* Disable remote administration – some wireless networking routers allow users to administer the router remotely from anywhere. If this is not absolutely necessary, there is no reason to keep this feature enabled. Doing so opens up a potential door to attackers who could exploit the situation to gain administrative access to a router over the Internet.
Remember, steel doors mean nothing if they are left open, so following a few basic steps should be step one in defending users from attackers.