Do you need to worry about security?
The short answer to this question is Yes.
If you do not secure your network then it is possible that somebody external to your premises could gain access to data on your network, or use your connection for nefarious purposes. Any use of your Internet connection is your responsibility – so it’s important to make sure you're protected.
The type of security you employ will depend on your own individual security concerns.
You will find specific guides for configuring your security elsewhere, below is a general list of steps you can take to protect your Wireless network.
Protect your SSID
The SSID, or Service Set Identifier, is the name designated for a specific Wireless network. Usually this is set to 'default'.
You should change your SSID to reflect the current network – but it is advisable to avoid using any details which would help a would-be attacker gain access.
You should avoid using the following details:
- Your name Username(s)
- Password(s)
- Your address
Some routers (for example, the Vigor Wireless range), allow you to hide the SSID. This means each client would need you to add the SSID manually. Anybody looking for a Wireless network would not be able to see yours automatically.
Who should consider protecting their SSID?
Everybody. Regardless of where they are using Wireless networking.
Limit Access to Trusted Clients
Each Network Interface card (including Wireless client adapters, Access Points and Routers) has a serial number assigned to it at production – this is called a MAC address.
A MAC address is always in the form of a 12 digit Hexadecimal value. For example, 00-4-05-B9-DF-E3
It is rare for a device to allow a MAC address to be changed, hence it is useful in identification purposes to limit access to your Wireless network to recognised Wireless client adapters. Most Access Points or Wireless Routers allow you to limit access to known MAC addresses.
If you need to find out a MAC address in Windows this can be done by opening a Command Prompt and typing:
ipconfig /all
Then press Enter. The Wireless device or Network card will be listed. The MAC address is referred to as the Physical Address.
On Apple OS 10.x you can find this information by opening and running the Networks Utility. This can be found by clicking Go -> Applications -> Utilities -> Network Utility.
Select Info and pick the appropriate Ethernet Interface. The MAC address will be displayed below, titled Hardware Address.
Who should consider limiting access to trusted clients/MAC addresses?
Most users of Wireless networking should limit access to trusted clients. Exceptions may be made when your Wireless network is being provided for use by different people – including guests.
Wireless Encryption
The majority of Wireless networking equipment supports the Wired Equivalent Privacy (WEP) encryption protocol. However, a large number of people never configure it. Running a Wireless network without WEP enabled is equivalent to hanging an Ethernet cable out of your window for anyone who wishes to plug into your network.
The type of WEP encryption you use will depend on how sensitive you consider your data to be, and how fast you want the connection to run.
Most Wireless equipment supports up to 128bit encryption, with others supporting up to 256bit. Basically, the higher the level of encryption, the lower your speed will be (with the reduction depending on the quality of the hardware you use).
Many newer devices support WPA encryption. This is far more secure than WEP protection, as in addition to a global key a second unicast key is also required. The unicast key is changed every frame, and the change is synchronised between the two ends of the connection.
In WEP encryption a single pre-shared key is set at both ends, and theoretically can be obtained by packet sniffing approximately 2GB of data for a 128 bit key. As users rarely change the key there is an inherent security risk in relying on WEP encryption alone.
More information on implementing WPA encryption can be found in the Microsoft Knowledge base article here:
http://support.microsoft.com/?kbid=815485
In order to implement WPA encryption both ends of the connection must support it. The router needs to have WPA implemented in firmware, and the Wireless network adaptor needs to have WPA compliant drivers.
The wireless client software also needs to support WPA. For those clients that rely on the inbuilt Wireless Zero Configuration service built in to Windows, (or which simply use the inbuilt Windows client) an update to the windows client needs to be downloaded from the Microsoft Web site
Mac OS X users would need to upgraded to Panther (Mac OS X 10.3) in order to use WPA encryption with their Airport or Airport Extreme hardware.
Who should consider using encryption?
Most users should use encryption, unless they are in no way concerned about people accessing the data which will be broadcast over the Wireless network. Most Internet users send personal data – including address details and bank or credit card information – and in these cases then WEP encryption should always be used.
A serious attacker may not be deterred by WEP encryption. So in a corporate environment, or if a network is not restricted to trusted MAC addresses, users of Wireless networking are advised to employ the use of VPN connections – as this provides a significantly higher level of encryption. It also provides the added benefit of using equipment other than your Wireless Access Points or Clients to encrypt and decrypt data - meaning the quality of your Wireless equipment will have less of a bearing on the maximum speed of communication. It should be noted that the VPN encryption itself will add significant overheads, so there would still be a reduction in speed in comparison to a totally unencrypted link.