In IP Addresses and Security, I wrote about how the Internet works — your computer has an IP address, your intended destination has an IP address, and both have to know and use the IP address of the other in order for communication to occur between them.
The article was in response to a reader who wrote to ask if he could keep his IP address secret, since he had been accused of copyright infringement by downloading a movie (which he says he didn’t do).
One of the potential issues was that his IP address could have been involved, even without him or anyone in his family being involved.
He uses a wireless router, as many of us do. He mentioned that he had a wireless password that had to be used in order to access his router. This kind of password is not a log-in password to the router — it is a password to the router’s encryption. Over the years, though, password security has gotten better and better. Unfortunately, some of the older encryption methods have become almost trivial for someone to crack with today’s fast computers.
However, even using the best wireless encryption available isn’t enough. There are other steps necessary to secure a wireless network.
First, though, let’s look at the encryption method. Today’s state of the art for consumer-level encryption is WPA2. If you have Windows XP Service Pack 2 or earlier on your computer, your Windows XP computer probably can’t do WPA2. All you have to do to get it is to either install Service Pack 3 or download the WPA2 update from www.microsoft.com.
You may have to update the firmware in your wireless router so that it handles WPA2. That’s a pretty easy, but kind of scary, step.
One problem I’ve seen with some people’s wireless networks, though, is that they have older Windows Me computers or older versions of wireless printers, where they have to use WEP (so-called Wired Equivalent Privacy — yeah, right, like that’s possible with wireless — no, it’s not possible.)
If you have hardware that’s forcing you to use WEP on your network, you need to upgrade that hardware. WEP is easily cracked with enough sample data, which a neighbor kid can easily obtain as you wirelessly communicate on your network.
So, our second step is to set up the router to only talk to the specific network adapters we want to authorize for our network.
To do this, you configure the MAC address filter in your router. Wireless routers have configuration options where you can specify a list of Media Access Control (MAC) addresses, which are unique to each network interface device (network card, wireless card, router, etc.) — not just unique to each model of hardware, but unique as to each individual piece of hardware.
You can find the MAC address of your wireless card by going to Start > Run > CMD (enter) > ipconfig /all (enter). Windows XP will list the interfaces, such as "Ethernet adapter Wireless Network Connection", with one line showing Physical Address. This is the MAC address.
Find the MAC addresses of each of your computers’ wireless adapters. Then, using your web browser, open the wireless router’s configuration menu, pick the tab to set up the wireless MAC address filter, set it to "Allow only these MAC addresses to connect" and enter them into the table. Although Windows XP puts dashes in the MAC address, your router probably will make you type the address without dashes. By the way, this step helps, but it doesn’t solve the issue, as every broadcast data packet includes the MAC address — and there’s software that will let an attacker spoof your MAC address.
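As an added example (not part of the original article), the Python sketch below pulls the Physical Address of each adapter out of `ipconfig /all` output and strips the dashes so the values can be typed into a router's filter table. The sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real machine).
# All function names below are hypothetical, chosen for this example.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Wired Adapter
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless Adapter
        Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
        IP Address. . . . . . . . . . . . : 192.168.1.101
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
PHYSICAL_RE = re.compile(r"^\s+Physical Address[ .]*:\s*(\S+)\s*$")


def normalize_mac(text):
    """Strip dashes/colons/dots and return 12 upper-case hex digits."""
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def adapter_macs(ipconfig_output):
    """Map each adapter heading to its normalized Physical Address."""
    macs, current = {}, None
    for line in ipconfig_output.splitlines():
        heading = ADAPTER_RE.match(line)
        if heading:
            current = heading.group(1)
            continue
        physical = PHYSICAL_RE.match(line)
        if physical and current:
            macs[current] = normalize_mac(physical.group(1))
    return macs


def router_allow_list(ipconfig_output, wireless_only=True):
    """Return the sorted MACs to enter in the router's filter table."""
    macs = adapter_macs(ipconfig_output)
    return sorted(mac for name, mac in macs.items()
                  if not wireless_only or "wireless" in name.lower())
```

Run it against the saved output from each computer and enter the combined list in the router; a wired adapter's address is left out by default because the filter applies to wireless connections.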
You should also change the default SSID name for your router. This will make it easier for you to make sure that you’ve connected to your router and not a neighbor’s. It will also mean that, if you have Windows set to automatically log onto a network called Linksys (the default SSID for Linksys wireless routers), you won’t accidentally connect to the one at your local coffee shop before you are ready (who remembers to change settings before leaving home?).
You might turn off broadcasting of the SSID. This could help, but there are arguments over whether it does or doesn’t.
Don’t forget to change the default Login ID (if your router actually uses it) and the default password on your router.
Read my Wireless Security article for more details on settings for your router and your wireless PCs and notebooks. Some of the issues it covers are ways to set up your home network in order to help you stay safe when you take your notebook elsewhere.
Don’t forget to open the manual for your wireless router. It will have details on how to perform the configuration steps you need to take, and sometimes also includes a good explanation of why you should take those steps.
Finally, don’t ever believe that you can actually secure your wireless network. If you want the convenience of wireless, you will have security risks that you would not have if you used Ethernet cables to each of your computers. With wireless, all you can do is to make it harder for someone to connect to your wireless router and, through it, to the Internet and to your home network. Your goal is to make it difficult enough that the bad guy goes elsewhere.