Here are a few simple steps you can take to maximize the security of your wireless network and to protect your data from prying eyes and ears. This section is intended for the home, home office and small office user.
IMPORTANT: The procedures necessary to complete these steps are often different for each manufacturer. Whenever you see this image, you should look in the encryption or security section of your specific product manual for the correct procedure to follow.
Most importantly, deploy Wi-Fi Protected Access (WPA) or WPA2.
WPA is a standards-based, interoperable security enhancement that strongly increases the level of data protection and access control for existing and future wireless LAN systems.
See Wi-Fi Security at Work and on the Road.
Most wireless networks ship with a default password provided by the manufacturer. Change it as soon as possible.
Most hackers can easily figure out the default password once they identify the make of your network access point.
If possible, block the SSID (Service Set Identifier) from being broadcast. This has the effect of "closing" your network. Many Wi-Fi systems enable you to close the network.
All access points ship with a wireless beacon signal so that wireless PCs can more easily find them. In effect, the signal is shouting, "I'm here! Log on!" By turning the SSID off or by "closing" your network, you make it much harder for hackers to find you: if they don't know your network exists, there's less chance they will spend the time to crack your communications. So, if your equipment permits you to close the network, make sure you do so.
Most access points ship with a default network name.
When your network is up and running you should change the name to something personal, yet hard to guess. In other words, if your last name is Smith, don't call it the Smith network. Many companies, even large corporations, label their network with their company name or their address. Don't do it. Be creative. A combination of letters and numbers is recommended, but don't use your street address!
To increase privacy, place your access point in the middle of the room, away from open windows and doors. The more metal and wood you put in the way, the less distance your wireless messages can travel. You can test how much of your signal is escaping from your business or home by taking your Wi-Fi equipped laptop outside (for a site survey) and checking to see how far you can go and still make a connection. You might be surprised.
Use MAC (Medium Access Control) tables if your access point supports them.
Like all networking devices, a Wi-Fi radio has a unique MAC address coded into its memory. By using the MAC Access Control List (ACL), you can limit the wireless connection to only those Wi-Fi radios whose MAC addresses are directly enabled in your access point. It's like call blocking on a telephone, but for a wireless LAN. If a rogue wireless radio with a MAC address that is not in this table tries to connect to your network, your access point will not let it.
There are various ways to set up your computer's directories and network to protect your stored files and data. One way is to turn off "Sharing" and use "Passwords" to access directories holding confidential files. Sharing and Passwords are accessed in Windows by right-clicking on the directory and going to the "Properties" command. Also see Windows Networking Tips and Secrets.
Remember that most web sites that handle purchases, credit cards and other financial information usually use encryption methods such as SSL (Secure Sockets Layer) to protect sensitive data. So most financial data transmitted over the Internet is already encoded from the time it leaves your computer until it reaches the web site.
Many large companies use VPN (Virtual Private Network) technologies for staff that need to remotely access the company's corporate database. VPN systems also work for Wi-Fi wireless networks.
A VPN creates a virtual tunnel from your computer through the local wireless access point, through the Internet, and then to your corporate headquarters. Even though it can be complicated and expensive, using a VPN creates an almost impenetrable wall of security for your wireless communications whether you're working from home, an airport lounge or your company's meeting rooms.
If you implement all of the above suggestions, your network will be less vulnerable to the script hacking tools in use today. For more information on how to maximize wireless security, go to Secure Wi-Fi and also check out these additional web sites and links:
• Craig Ellison's Extreme Tech article
• Practically Networked WLAN Security Guide
• John Welch article from Working Mac
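As an added example (not part of the original page or of any manufacturer's software), the steps above can be written as a small Python audit over an access point's settings, including the MAC ACL admission check and the network-name advice. The settings record, its field names and every sample value are constructed for illustration; real settings live in your product's own configuration pages.

```python
import re

def normalize_mac(mac):
    """Reduce 00:1A:2B..., 00-1a-2b... or 001a.2b3c... to 12 lowercase hex digits."""
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def mac_allowed(mac, acl):
    """MAC ACL check: admit a radio only if its address is listed in the table."""
    return normalize_mac(mac) in {normalize_mac(entry) for entry in acl}

def _fold(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())

def ssid_problems(ssid, factory_ssid, personal_terms):
    """Apply the naming advice: not the default, nothing personal, letters plus numbers."""
    problems = []
    if ssid.lower() == factory_ssid.lower():
        problems.append("network name is still the factory default")
    for term in personal_terms:
        if _fold(term) and _fold(term) in _fold(ssid):
            problems.append(f"network name contains {term!r}")
    if not (re.search(r"[A-Za-z]", ssid) and re.search(r"\d", ssid)):
        problems.append("network name should combine letters and numbers")
    return problems

def audit(ap, personal_terms):
    """Return the steps from the checklist that this access point still fails."""
    findings = []
    if ap["encryption"] not in ("WPA", "WPA2"):
        findings.append("deploy WPA or WPA2")
    if ap["admin_password"] == ap["factory_password"]:
        findings.append("change the default password")
    if ap["broadcast_ssid"]:
        findings.append("turn off SSID broadcast")
    findings += ssid_problems(ap["ssid"], ap["factory_ssid"], personal_terms)
    if not ap["mac_acl"]:
        findings.append("fill in the MAC access control list")
    return findings

# Constructed sample settings; field names and values are hypothetical.
OUT_OF_BOX = {"encryption": "none", "admin_password": "admin", "factory_password": "admin",
              "broadcast_ssid": True, "ssid": "Smith network", "factory_ssid": "default",
              "mac_acl": []}
HARDENED = {**OUT_OF_BOX, "encryption": "WPA2", "admin_password": "t4Qz-constructed",
            "broadcast_ssid": False, "ssid": "k7q2vaulted9",
            "mac_acl": ["00:1A:2B:3C:4D:5E"]}
```

Calling audit(OUT_OF_BOX, ["Smith", "12 Elm Street"]) lists every step still outstanding, while the hardened record returns an empty list.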