Tuesday, March 27, 2012

Wireless Home network security

A lot of people have wireless access points set up in home networks. Wi-fi makes it so easy to connect all kinds of devices to the internet – PCs, printers, storage devices, tablets, laptops, even phones. No need for busting holes in walls and running yards and yards of cat5 cable. Just turn the device on and you’re connected. Sure, a lot of the tablets and phones have their own internet connections, but for those with limited data plans, wi-fi connections at home give almost unlimited connection time. But how many people take the time to make sure their wi-fi connections are secure?

Unless you live on an island with nobody else around, you should definitely take a few minutes to make sure your wi-fi is locked down. Here are a few general guidelines to follow:
  • Set up a strong password for the administrative console
    • Oh great, another password to remember. Well, it’s ok to write this one down somewhere. Most devices come with a default password already set, but it’s usually something like “password” or something that can be easily looked up on-line. Since you don’t want anyone else getting in and changing your settings, a good password is a must.
  • Turn on encryption
    • All traffic between your wi-fi access point and your end point devices should be encrypted. If it’s not, anyone within signal range could potentially capture and read some of your internet traffic. That could possibly include login information (think passwords) to web sites you visit. So which type of encryption should you use? For the most part, use either WPA or WPA2. While WEP is still offered, it has been proven easy to crack and many feel it is no better than having no encryption. WPA or WPA2 are a little more robust. Also, if the device asks for a passphrase, make sure it is different than the one set up for device administration.
  • Set up MAC address filtering
    • While this may be a little less convenient, it helps better secure your device by only allowing a connection to those devices with the listed MAC addresses. A whitelist, if you will. This is a really good way of limiting who can use the wi-fi. If you’re not on the list, you’re not getting a connection. It can be a little tricky to find the MAC address on some devices, but if they have wi-fi capabilities, there is a MAC address.
  • Check for and install firmware patches and upgrades periodically
    • Just like software, vendors push out patches and fixes for wi-fi access points. Patches and upgrades are usually created to fix some sort of bug or vulnerability. Install updates as they are released.
  • Back up the configuration
    • Problems will occur. Maybe an upgrade goes bad or a power jiggle resets the device. If you create a backup every time you modify the configuration, restoring the device will be much less painful.
  • Change the SSID
    • The SSID is just the identifying name of the device. Most devices come with an SSID set to something like “Linksys” or “Netgear”. Anytime you try to connect a device over wi-fi, the names you see in the list are the SSIDs of the devices in range. An SSID really shouldn’t hint at anything like the make or model of the device or anything more personal like your name or address. Pick something unique that you can identify. It doesn’t have to make sense to anyone else.
      • Note: Up until a few years ago, it was thought that disabling the SSID broadcast was more secure. In fact, it’s really not all that hard for an attacker to determine the SSID on systems that don’t broadcast. From a security perspective it doesn’t make much difference whether you set up your device to broadcast the SSID or not.
  • Shut the wi-fi off for extended periods of non-use
    • Getting ready for vacations is hectic enough, but if you know nobody will be using the wi-fi for a period of time, shut it off. If it’s not running, then you don’t have to worry about anyone using it when you’re not around.
Maybe by this point you’re thinking this seems like a lot of messing around. What’s the harm in just plugging the thing in and using it? Well, you could do that, but if you read the papers or watch any kind of news program, you will undoubtedly see examples of why securing wi-fi is a good idea. Here are a few articles I’ve seen, but there are more out there:
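
One way to check the encryption and SSID guidelines above from a laptop, added here as an example that is not part of the original post. It assumes a Linux machine with NetworkManager and reads the output of `nmcli -t -f SSID,SECURITY device wifi list`; the scan text and the network names other than “Linksys” are constructed samples.

```python
# Vendor default names the post mentions; extend the set for your own gear.
DEFAULT_SSIDS = {"linksys", "netgear"}

def split_terse(line):
    """Split one `nmcli -t` line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # escaped character is taken literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit(scan_text, my_ssid):
    """Return findings for your own SSID, or None if it is not in the scan."""
    for line in scan_text.strip().splitlines():
        ssid, security = (split_terse(line) + [""])[:2]
        if ssid != my_ssid:
            continue
        findings = []
        modes = security.upper().split()
        if not modes or modes == ["--"]:
            findings.append("no encryption: anyone in range can read traffic")
        elif "WEP" in modes:
            findings.append("WEP is offered: switch to WPA or WPA2")
        if ssid.lower() in DEFAULT_SSIDS:
            findings.append("SSID is a vendor default and hints at the make")
        return findings
    return None

# Constructed sample of terse scan output (SSID:SECURITY per line).
SAMPLE_SCAN = """\
Linksys:WEP
home\\:net:WPA1 WPA2
CoffeeShop:
k7-blue-heron:WPA2
"""

if __name__ == "__main__":
    for name in ("Linksys", "home:net", "CoffeeShop", "k7-blue-heron"):
        print(name, "->", audit(SAMPLE_SCAN, name) or "ok")
```

A result of `None` means the network was not seen at all, which is what you want while the access point is switched off for a vacation.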

wi-fi raid
wi-fi hacker sentenced

So even if you go through all these steps, does that mean you will never get hacked? That is hard to guarantee. It will, though, probably discourage the casual attacker. The tougher you make things, the less likely an attacker will spend time trying to defeat the security. Simple rule of thumb – don’t be the low hanging fruit.