Wireless Network

Six security tips for securing your Wi-Fi Access Point/Router at Home/SOHO

This post gives six important security tips you need to follow to secure your Wireless (Wi-Fi) connection from being misused by neighbors / intruders.  Every wireless access point comes with a lot of settings, and you need to change some of them for secure internet access on wireless.

While the signals from the wireless network cannot be blocked from going to places where the general public might reach them, the following security practices make the signals almost impossible to break.

  1. MAC Address Filtering Table: A MAC address is a unique code given by the manufacturer of every PC/ device connecting to the wireless network. Every wireless Access Point has a MAC Address filter table which needs to be updated with the list of MAC addresses that is allowed to connect to the wireless access point. So, enable this setting and add the MAC addresses of the PC/Laptops/Cell Phones in your home/SOHO.  Any laptop/ PC trying to connect to the wireless network (from outside) will simply be denied access to the wireless network.
  2. Password: Update your Access Point’s setting to allow a computer that wants to connect to the wireless network only after verifying a password/ pass code/ pass phrase etc that was already provided by you in the settings page. This password needs to contain alphabets, numbers and special symbols to make it impossible to guess.
  3. Encryption: All the data that is transmitted in the wireless network needs to be encrypted using 128 bit encryption and dynamic keys (WPA/WPA2). So, enable your encryption settings to WPA2 and if that is not supported by your computer, then – WPA to ensure that no one can simply sniff the wireless packets and make any meaningful attempts to read the data. WEP is also an encryption standard, but a weaker one. So, try avoiding it as much as possible.
  4. Disable Router SSID Broadcast: SSID is the network name assigned to the wireless networks. When people try to check for all available wireless networks in the area, the SSID will be visible to everyone by default. But this SSID can be prevented from showing up while anyone is casually trying to identify wireless networks in the area by disabling the wireless SSID broadcast in the settings. Casual intruders may not even know that there is a wireless network.
  5. Isolation of Wireless Clients: One way in which intruders might gain access is to try to directly communicate with the wireless client. With today’s access points, even this is prevented by the access points by disallowing communication between any of the clients connected to the access point through wireless and also with any outside laptop/PC.
  6. Firewall: Wireless Access Points have built-in firewalls where certain policies can be applied. For example, certain ports (like 113) can be blocked, wireless access can be restricted only from 9 AM to 6 PM, it can be disabled after that automatically, or you can block certain applications like FTP etc. over the wireless network.  These firewall policies make the wireless network safer.
  7. Disable wireless access to Access Point Settings: To access the Wireless Access Point’s settings page, secure https based web access is provided. Also, accessing of the settings can be prevented from the wireless medium totally. This makes it mandatory to access the settings through the wired port of the access point. This makes it impossible for any wireless intruders to change settings/ add MAC addresses from outside.

Ok, the seventh security tip was a bonus 🙂