Wireless Home Networking Tips

[intelliGEORGE]

The reason for this post is I am finding many people are setting up wireless home networks in such a rush to get their internet connection working as quickly as possible, overlooking quite risky security problems and encountering broadband theft.

Wi-Fi networking products don't always help the situation as configuring their security features can be a mission. The following recommendations should be taken in to consideration to improve the security of your home wireless network.

Change Default Access Control (Administrator Username & Password)

Most Wi-Fi networks have an access point or router. To configure these devices, manufacturers provide Web browser access that allow owners to enter their network address and account information. These Web tools are protected with a login (username and password). However, for any given piece of equipment, the logins provided are simple and generic across the model range. Changing these settings is probably the first thing to do when setting up the network.

Enable WPA/WEP Encryption

All Wi-Fi equipment support some form of encryption. Several encryption technologies exist for Wi-Fi today. You should utilise the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption method i.e. If you select WEP then all the devices must be set to WEP encryption. Some devices might not have the same encryption options, therefore you may need to find the method common to all Wi-Fi devices.

Changing the Default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally have a default SSID set. For example, the SSID for Netgear devices is normally "Netgear." Knowing the SSID does not by itself allow your neighbors access to your network, but it is a start. Change the default SSID, I like using FED-POL as mine, throws some caution out there

Turn On MAC Address Filtering

Every piece of Wi-Fi/Network gear possesses a unique identifier called the physical address or MAC address (except in the case of some Octagon SF918's ). Access points and routers keep track of the MAC addresses of all devices that connect to them. Many products offer the option to enter in the MAC addresses of their home equipment, that restricts the network to only allow connections from those devices.

Disabling SSID Broadcast

Wireless access point and routers typically broadcasts the network name (SSID) as mentioned above, over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range, however in the home, this roaming feature is unnecessary, and it increases the likelihood of someone trying to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled.

Assign Static IP Addresses to Devices

As well as MAC filtering, assigning static IP's to devices increases the security of the network. Most people tend to use dynamic IP addresses (DHCP) although it is easy to set up, unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match.

Enable the use of Firewalls

Routers contain a built in firewall, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

That pretty much sums it up, please feel free to add more tips to this thread. Hope the information helps those new to the daunting task of securing home networks

[oyama]

nice tut

[CrYpto]

Yes nice one....should help out a lot of newbies.