San José, Costa Rica, since 1956

Wireless Network Lockdown

WIRELESS security has long been associated with “no security” – meaning that any wireless network is easy to hack into. This is largely true, especially since the default configurations for wireless devices do not implement security and user-name passwords for controlling access points such as routers.This allows your neighbor or anyone parked within 300 feet to connect to and possibly hack into your network, capturing passwords and credit card information (identity theft), installing malicious programs on computers attached to the wireless network, and downloading and storing illegal material from the Internet. If your neighbor is using your wireless network to connect to the Internet to download, for example, child pornography, any law-enforcement agencies tracking it down will see your wireless router as the source. And if any of the material was stored on your computer unbeknownst to you, the situation may become even more complicated.So, though securing or “locking down” your wireless network may seem time consuming, it is definitely worth the investment, especially in shared-space living or work environments such as apartments and multi-company buildings. At minimum, you should perform the following procedures (see product documentation for details on how to configure):–Change the default administrator password. The default password is available in most consumer documentation and is usually widely known.–Change the service set identifier (SSID). The SSID is what identifies a network. Change it to something unique (do not use personal information) to differentiate your network from other networks your wireless network card may pick up. In my old apartment complex, for example, there were three networks called Linksys – the default SSID for Linksys routers. You do not want to accidentally connect to someone else’s network, as it will make you vulnerable to hacking attacks.–Configure your wireless access point (or router) to use Wireless Application Protocol (WAP) encryption. Wired Equivalent Privacy (WEP) encryption is easily deciphered by even unskilled hackers using common tools. Almost all wireless products currently sold support WAP. Wireless devices from a few years ago may not. –Use Media Access Control (MAC) address filtering. This is recommended but not necessary with WAP. It allows you to specify which computers can use the wireless access point by entering the MAC addresses of each authorized computer. A MAC address is unique to each computer or, more accurately, each network card. Note that skilled hackers can get around this, so this should not be relied upon solely.–Use a lamp timer. The most obvious way to secure any network is by shutting it down. Powering off your wireless access point prevents even the most skilled hacker from compromising your network. It may seem a bit paranoid, but I know many IT professionals who do this.Locking Down the Linksys WRT54G Wireless Broadband Router1) Physically connect a computer to the WRT45G device with an Ethernet cable from your computer’s network card to one of the four local area network (LAN) ports on the back of the router.2) Log on to your computer and open up a Web browser, such as Internet Explorer. Enter in the address bar. Supply the user name and password when prompted – this can be found in the product documentation that came with the device. You can also locate the product documentation on the Linksys Web site. 3) Click on the “Administration” tab. Enter (and re-enter) the new administration password. Make a note of it. Click on “Save Settings.” If you need to access the router in the future and forget the password, you can restore to factory defaults by holding down the reset button on the device for 10 seconds. If you reset your router, you will have to reconfigure security.4) Next, click on the “Wireless” tab. Right underneath it, click on the “Wireless Security” subtab. In the “Security Mode” field, select “WAP Pre-Shared Key” For the WAP shared key, enter an eight- to 63-character password (use a combination of upper- and lowercase letters, numbers and nonalphabetic symbols. Note the password and click on “Save Settings.”5) Click on the “Basic Wireless Settings” subtab. Change the wireless network name (SSID). Do not use personal information such as your address or date of birth. Save settings.6) On your desktop, click on “Start,” then “Run.” A DOS window should appear. Type “ipconfig/all.” Locate the physical address of your wireless network card – this is the MAC address. Write it down.7) Go back to the router and click on the “Wireless MAC Filter” tab. Select “Enable” and select “Permit Only.” Click on “Edit MAC Filter List.” Enter the MAC address you wrote down in step 6. Then click on “Save Settings.” Close the “Edit MAC Filter List” window. Save settings again on the “Wireless MAC Filter” page.8) In the bottom right-hand corner of your screen, there should be an icon of a computer with an “X” on it. Rightclick on the icon and select “View Available Wireless Connections.”9) Click on the network with the name you specified in step 5. Enter the network key specified in step 4. Click on “Connect.” The computer should locate the wireless router and create a secure connection. The setup is complete, and you can now feel much safer.

Comments are closed.