Setting Up Your Home Wireless Network - Basic Considerations
Updated: 09-Nov-2008
Wireless networks are increasing in popularity because of their convenience, and because home users can easily set them up without running cables from room to room. See our article Connect to the Internet for more details on how to connect the hardware. Wireless networks allow you the freedom to take your laptop computer from room to room in your house, or even outdoors, and still maintain your connection to the Internet and the rest of your home network. Wireless networking is convenient even for tower or desktop computers when they are are far apart from each other or from your broadband modem. For background on wireless networking see the article Wireless Home Networking. You can also listen to our discussion in podcast Episode 50 and Episode 53.
Wireless Security
With no cables to run, wireless networks are very convenient, quick and easy to install, giving you easy access to your network and the Internet from almost anywhere in your home. However, wireless networking sends your information through radio waves instead of physical cables, so without some setup, anyone within range can "listen in" on your network. Your wireless network components may work right out of the box, but your entire network is wide open to thieves and hackers unless you take a few simple steps to enable security on your network.
Here are four basic security measures you should take to secure your wireless network.
- Change the default SSID (network name).
- Disable the SSID broadcast option.
- Change the default passphrase needed to access a wireless device.
- Setup WPA or WEP Encryption
- Enable MAC address filtering.
Change the default SSID code
Your wireless devices (access point, wireless adapters, router, etc.) have a default SSID set at the factory. The SSID is the name of your wireless network, and it can be set to anything you want. Many manufactures of wireless products use the company name as the default SSID. For example, Linksys wireless products use "linksys" as the default SSID. Hackers know these defaults and will try them first when gaining illegal access a network. They will also try something simple like "wireless" or "network" before trying more difficult possibilities. Change your network's SSID to something unique and difficult to guess, and make sure it doesn't refer to the networking products you are using.
If you really want to be secure, you can change your network's SSID on a regular basis, so any hacker who may have figured out the SSID in the past will have to figure it out again and again. Intruders who encounter networks with an SSID that changes regularly are more likely to leave your network alone in search of one that is more easy to infiltrate.
Disable SSID broadcast
By default, most wireless networking devices are set to broadcast the SSID. This feature is used by public hotspots so anyone can easily join the wireless network. For your home wireless network, there is no need to broadcast the SSID, since you already know it. If your access point or router setup allows you to disable SSID broadcast, you should do so.
Change the default passphrase
Wireless products such as access points and routers, will ask for a password or passphrase when you access their setup utility. These devices have a default password set by the factory. Many devices have the default passwords empty or set to "admin". Hackers know these defaults and will try them to access your wireless device and change your network settings. You should change yours to a passphrase rather than a simple password, and make it something difficult to guess.
Encryption
Encryption transmits your data securely over the wireless network. By default, wireless devices are shipped by their manufacturers with encryption disabled. For your home network, you should use WPA encryption. WPA stands for Wi-fi Protected Access. Pre-shared key mode (PSK or "personal mode") is specifically designed for home and small office networks, so this is most likely what you will want to choose. WPA uses a passphrase that provides 256-bit encryption. The passphrase can be from 8 to 63 ASCII characters or 64 Hex digits.
If you are using older wireless hardware, you may need to use the older WEP encryption. WEP stands for Wired Equivalent Privacy. WEP can be set to 64-bit (sometimes referred to as 40-bit) or the more secure 128-bit encryption. The keys can be ASCII characters or Hex digits. Exactly matching encryption keys must be setup on your wireless router, or access point, and the wireless adapters in each of your computers.
Refer to the User Guide provided with each of your wireless devices for information about setting-up the WPA passphrase or the WEP encryption key.
Enable MAC address filtering
If your wireless products, such as access points and routers, offer it, enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every network device. When you enable MAC address filtering, wireless network access is provided only for wireless devices with the MAC addresses you specify. This makes it harder for a hacker to access your network using a random MAC address.
