In order to secure a home wireless network, we have a number of simple steps to take.
The first, and very important, step is that we need to configure the security while we have a wired connection between our computer and the router. Why? Because the changes we make will lock out the wireless computer and could require resetting the router to the factory settings in order to reconnect.
So, get your Ethernet cable, hook it to the wireless router and to your computer. If you’re still running Windows XP, you may have to reboot to get an IP address assigned to the computer by the (wireless) router.
I’ll use the Linksys WRT54G as my example wireless router. This router does 802.11b and 802.11g.
Since the 802.11n specification was approved in September 2009, the "n" routers that have been on the market for a while have been built to the final approved specifications.
Looking at the first image, we see that we can restrict the router to specific protocols (and their speeds) if we choose. Mixing b and g on the same network can cause the whole network to slow down. We can also pick the wireless channel, from 1 to 11 — this is to avoid interference with neighboring wireless networks.
The next item, the SSID, is the first security-related choice. Think of this as a name for the wireless router. Its main use is so that you can make sure that you are connecting to your own router, and not your neighbor’s. This becomes important if you share files and printers.
The choice of SSID name is not critical — just use some word or words that are neutral and DO NOT IDENTIFY YOU. Why point out to the neighbors and their kids that your network is yours?
The other thing to change, which is normally set to Enable, is the Wireless SSID Broadcast setting. If you know your router’s SSID, you can connect to it. If you let the router broadcast the SSID, everyone can easily find your network.
Now, we need to pick the security mode, that is, the class of encryption technology that we want to use. Both the router and the wireless device need to support the choice.
Security modes available on the WRT54G are Disabled, WPA Personal, WPA Enterprise, WPA2 Personal (the best so far for home users), WPA2 Enterprise, RADIUS and WEP. WEP is the original wireless security mode for home users and was inappropriately named "Wired Equivalent Privacy" — it wasn’t.
Next we pick the actual encryption algorithm (the program logic) to encrypt the data while it’s being transmitted wirelessly. The choices vary with each security mode. For WPA2 Personal, the encryption algorithms available are AES and AES+TKIP. Pick AES+TKIP.
Finally, we get to enter the wireless network password (the key). Your router will tell you what the available choices are, but they will include at least numbers, lower case letters and upper case letters. They probably include punctuation marks. However, spaces are probably not allowed in the password.
The Wireless MAC Filter allows us to define whether specific wireless devices are allowed to connect to the router wirelessly. This uses the Media Access Control (MAC) address, which is a unique set of numbers assigned to each individual internet-capable device (that is, the network card has an IP address; the whole computer does not have one).
First, we have to turn on the Wireless MAC Filter. This is normally turned off so that the wireless network will work immediately (in order to prevent unneeded product returns).
Then, we get to choose whether to use the MAC Filter List to prevent access or to allow access. I haven’t figured out the circumstances in which "prevent" makes sense. Well, if you have two wireless routers, you could use this to prevent a device from connecting to the wrong router. The problem is that you’d have to identify all the devices that you did not want to connect.
The more logical choice is to use the list to permit access to the wireless network.
Finally, we see an example of the MAC Address Filter List.
MAC addresses are made up of six pairs of alphanumeric values. Each pair is a hexadecimal (base 16) number whose digits run from 0 to 9, then A to F. The pairs range from 00 (zero) through FF (255).
Different routers may allow you to enter the MAC addresses in different formats, with the number pairs separated by colons (the Linksys way), commas, spaces, or not separated. The important thing is that all six number pairs are entered correctly — otherwise, that device will be blocked from the network.
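An added example, not part of the original article: a Python check that accepts the entry formats listed above, verifies that each address really is six hexadecimal pairs, and returns it in the colon-separated form, so a mistyped entry is caught before it goes into the filter list. The function names and sample addresses are constructed for illustration, and accepting hyphens as a separator is an assumption.

```python
import re

# Separators the article mentions: colons, commas, spaces, or none.
# Hyphens are also accepted here as an assumption (common on Windows).
_SEPARATORS = re.compile(r"[:,\s-]+")
_HEX12 = re.compile(r"[0-9A-F]{12}")


def normalize_mac(text):
    """Return the address as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    parts = [p for p in _SEPARATORS.split(text.strip().upper()) if p]
    if len(parts) == 1:
        compact = parts[0]  # entered without separators
    elif len(parts) == 6 and all(len(p) == 2 for p in parts):
        compact = "".join(parts)
    else:
        raise ValueError(f"{text!r}: expected six two-character pairs")
    if not _HEX12.fullmatch(compact):
        raise ValueError(f"{text!r}: not 12 hexadecimal digits (0-9, A-F)")
    return ":".join(compact[i:i + 2] for i in range(0, 12, 2))


def build_filter_list(entries):
    """Split raw entries into (valid, rejected), dropping duplicates."""
    valid, rejected = [], []
    for entry in entries:
        try:
            mac = normalize_mac(entry)
        except ValueError as err:
            rejected.append(str(err))
            continue
        if mac not in valid:
            valid.append(mac)
    return valid, rejected


# Constructed sample entries, not real device addresses.
SAMPLE = [
    "00:1a:2b:3c:4d:5e",   # colon-separated (the Linksys way)
    "00,1A,2B,3C,4D,5F",   # comma-separated
    "00 1A 2B 3C 4D 60",   # space-separated
    "001a2b3c4d5e",        # no separators, duplicate of the first
    "00:1A:2B:3C:4D",      # only five pairs
    "00:1A:2B:3C:4D:5G",   # G is not a hexadecimal digit
    "00:1O:2B:3C:4D:5E",   # letter O typed instead of zero
]

if __name__ == "__main__":
    print(build_filter_list(SAMPLE))
```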
That’s about it from a home-user point of view. Businesses have different classes of equipment with much higher prices, much more configurable options, and IT departments to manage their networks, including preventing intrusions.
These steps will help you protect your computer and network from access by unauthorized people. They won’t prevent it completely, just as a locked car door won’t prevent the car from being stolen.
Wireless connections simply are not as secure as wired ones. They’re just hugely more convenient, and, with 802.11n and draft-n equipment, much faster than the 10/100Mbit wired networks that most of us use.