Configuring and Securing Your Wireless Network
Wireless is everywhere! For example, on my way home one night, about four miles out, I started my notebook to get a phone number out of an email. I left the computer turned on and noticed six different wireless networks before getting home, and out of those six, four appeared to still have the manufacturer's defaults.
In this tech tip we will cover some basic configuration and security settings that we feel should be considered when implementing and using a wireless network. This is by no means designed as the final word in configuring or securing a wireless network, but as a guide with information that can be used with most installations. In fact, some of the suggestions should also be used on the wired parts of your network.
The most commonly used wireless devices, such as routers and access points, use web-based configuration tools for customization. Most of them have a minimal configuration that allows them to work right out of the box once connected and powered up. It is those configurations that should be modified to secure your network and protect the computers and other devices on it.
Changing Default Passwords
Wired and wireless routers both have a simple default password used to access the configuration of the device. This is the first thing to change, to keep anyone else from accessing the configuration. Like any password, it should be difficult to guess and contain both letters and numbers. At a minimum it should contain eight characters, but longer is better.
Changing the SSID
SSID (Service Set Identifier) is the name assigned to a wireless network; it is a unique name shared among all points in that network. The SSID will vary in length depending on the manufacturer, but it should be less than 30 characters long when you change it. As with the password, it should be something difficult to guess that contains both letters and numbers. It should also not reveal anything personal about you or your network.
The device is also set to broadcast this name so that wireless devices can detect and connect to the network. Once all devices are connected to the wireless network you can disable the broadcast. Should you need to add additional computers, temporarily enable it long enough to connect the new device and then disable it again.
Changing Default Name
Access Points will also have a unique name for the device. You should rename it to something easy to remember, especially if you are going to deploy more than one Wireless Access Point on your network.
Changing Routers IP Addressing
The majority of manufacturers ship their routers (wired or wireless) with a default IP (Internet Protocol) address of 192.168.1.1, and it is the most commonly used address today. This is the address you use to access the configuration as well as the address your computers and other network devices use to communicate locally and to the Internet. It is highly recommended that you change the default IP address. Although this does not add a great amount of security, it will make it a little harder for people to detect or move around on your network.
Access Point or Router
In the past, Routers and Access Points came as two separate and distinct devices for your network. Today you can buy a Router with a built-in Access Point. If you install one of these routers on a network that already has a router with an Internet connection, it is important that you set the device to Access Point Mode. This will disable the routing function and resolve any network conflicts that could occur by having a second router on the network.
Changing DHCP Server
A DHCP (Dynamic Host Configuration Protocol) server automatically assigns IP addresses to computers and other devices on your network. In broadband and some other networks where a static (dedicated) IP address is not required, DHCP is used on the outside (WAN) port of your router to obtain not only the WAN IP address but also additional information such as DNS, Subnet Mask and Default Gateway. Whenever a computer connects to the network, the router assigns it an IP address so that the user does not have to manually configure the network settings. You can reduce the number of addresses that the server makes available to match the number of workstations that will be using the network. For more security you can disable DHCP and manually configure each computer and device on the network with the IP address, subnet mask and default gateway (the router's LAN IP address).
Encryption
All wireless components have some sort of encryption capability, used to scramble the information being sent across the network. This is done so that anyone else scanning the traffic on the network could not easily read or understand the data being passed. There are two primary types of encryption on wireless devices: WEP (Wireless Equivalency Protocol) and WPA (Wi-Fi Protected Access). Before selecting or setting encryption on the router or Access Point, it is important to check what level the other devices using the wireless network will support. For example, you may configure the router to use 256 bit WEP, only to find out that one of your computers supports only 64 or 128 bit encryption. Then you would have to reconfigure the Router’s encryption and any workstation you may have already configured.
WEP was the first type of wireless encryption available. Currently there are three levels of WEP encryption, 64bit, 128bit and 256bit, and the higher the number the greater the encryption. A string of letters and numbers is generated, and this is shared by all computers authorized to access the wireless network. Please note that WEP encryption has been defeated, and if it is used you should change the authorization string regularly.
WPA, like WEP, has a similar encryption string, and then, to keep security dynamic, mathematically derives encryption keys from it. WPA continually changes the encryption keys used for each packet of data, thus making it much more secure. WPA should be used whenever possible.
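The settings covered so far can be checked against a device's configuration in one pass. The following Python sketch is an added example, not part of the original tech tip or any vendor's tool; the configuration field names, the sample default SSIDs and passwords, and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed samples of factory values; 192.168.1.1 is the default named above.
DEFAULT_LAN_IP = "192.168.1.1"
SAMPLE_DEFAULT_SSIDS = {"default", "wireless", "linksys"}
SAMPLE_DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}

def audit(cfg, device_count):
    """Return findings for one router/access point configuration (a dict)."""
    findings = []
    pw = cfg["admin_password"]
    if pw.lower() in SAMPLE_DEFAULT_PASSWORDS:
        findings.append("admin password is a factory default")
    elif len(pw) < 8 or not re.search(r"[A-Za-z]", pw) or not re.search(r"\d", pw):
        findings.append("admin password needs 8+ characters with letters and numbers")
    if cfg["ssid"].lower() in SAMPLE_DEFAULT_SSIDS:
        findings.append("SSID is a factory default")
    elif len(cfg["ssid"]) >= 30:
        findings.append("SSID should be less than 30 characters")
    if cfg["ssid_broadcast"]:
        findings.append("SSID broadcast is enabled")
    if cfg["lan_ip"] == DEFAULT_LAN_IP:
        findings.append("LAN IP is still the default 192.168.1.1")
    if cfg["dhcp_enabled"]:
        pool = (int(ipaddress.IPv4Address(cfg["dhcp_end"]))
                - int(ipaddress.IPv4Address(cfg["dhcp_start"])) + 1)
        if pool > device_count:
            findings.append(f"DHCP pool offers {pool} addresses for {device_count} devices")
    enc = cfg["encryption"].upper()
    if enc == "NONE":
        findings.append("no wireless encryption configured")
    elif enc.startswith("WEP"):
        findings.append("WEP has been defeated; use WPA where devices support it")
    return findings

# Constructed configurations: one out of the box, one after the changes above.
FACTORY = {"admin_password": "admin", "ssid": "linksys", "ssid_broadcast": True,
           "lan_ip": "192.168.1.1", "dhcp_enabled": True,
           "dhcp_start": "192.168.1.100", "dhcp_end": "192.168.1.149",
           "encryption": "none"}
HARDENED = {"admin_password": "t7Rk29wLq4mZ", "ssid": "qz41north7",
            "ssid_broadcast": False, "lan_ip": "10.27.3.1", "dhcp_enabled": True,
            "dhcp_start": "10.27.3.10", "dhcp_end": "10.27.3.13",
            "encryption": "WPA"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg, device_count=4))
```

The device count passed to the audit is the number of workstations expected on the network, so a DHCP pool larger than that is reported.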
Location
Wireless devices such as Routers or Access Points have a signal range of up to a few hundred feet in open space. The range decreases greatly when obstructed by walls and floors, but in most cases the signal is still strong enough to carry to a nearby street or parking area. It is recommended that you install the device in the middle of your location, which reduces the signal strength outside it. This will also help to secure your wireless network by reducing the chance that someone outside of your location will detect or access your network.
Computer Connection
Microsoft has integrated a Wireless Network Setup Wizard into Windows XP Service Pack 2 that will walk a user of any level through the installation and connection to your network. Configuration software is also available from most of the hardware manufacturers.
I have been told by many people that they feel no one would be interested in accessing their network or personal files, and that making the changes we recommended is more than they feel is needed. But whether it is a hacker or just someone being mischievous and/or destructive, can you really take a chance? Peace of mind is just a few steps away.
Copyright © 2007 Gig IT Consulting
Last modified: 05/18/07