You cannot physically prevent someone from connecting to your wireless network, but you can take the following steps to keep your network secure: Show
Wireless devices have a default wireless network name or SSID. This is the name of your wireless network, and can be up to 32 characters in length. To protect your network, change the default wireless network name to a unique name to distinguish your wireless network from other wireless networks that may exist around you. When choosing names, do not use personal information (such as your Social Security number) because this information may be available for anyone to see when browsing for wireless networks. For wireless products such as access points, routers, and gateways, you are asked for a password when you want to change their settings. These devices have a default password. The default password is often cisco. Hackers know these default values and may try to use them to access your wireless device and change your network settings. To thwart unauthorized access, customize the device’s password so it is hard to guess. Cisco routers and gateways give you the ability to enable MAC address filtering. The MAC address is a unique series of numbers and letters assigned to every networking device. With MAC address filtering enabled, wireless network access is provided solely for wireless devices with specific MAC addresses. For example, you can specify the MAC address of each computer in your network so that only those computers can access your wireless network. Encryption protects data transmitted over a wireless network. Wi-Fi Protected Access (WPA/WPA2) and Wired Equivalency Privacy (WEP) offer different levels of security for wireless communication. Currently, devices that are Wi-Fi certified are required to support WPA2, but are not required to support WEP. A network encrypted with WPA/WPA2 is more secure than a network encrypted with WEP, because WPA/WPA2 uses dynamic key encryption. To protect the information as it passes over the airwaves, enable the highest level of encryption supported by your network equipment. WEP is an older encryption standard and may be the only option available on some older devices that do not support WPA. On this page:
OverviewWireless networks have security risks beyond those of a typical wired connection: since anyone within range can potentially connect to your wireless access points, you should take extra security precautions when setting up your home wireless network. The methods listed below vary in their effectiveness, but a hacker will probably try to find the path of least resistance to break into a network. The more of these measures that you take, the greater the chance that someone will move on and attempt to locate a less secure network. The University Information Security Office (UISO) recommends taking the actions described below to secure your wireless network and your computer. An additional helpful resource is Guide to Creating a Secure Home Wireless Network. Stay up to date with patches and updatesAs with any computing device, your router has special operating software called firmware. Most mainstream commercial companies will release patches or updates to that firmware. While these are not frequent, they can often fix security vulnerabilities in the hardware. You can likely check for updates in the router administration area. Any wireless router/access point (WAP) you purchase needs to have regular security updates available from the vendor. Vendors that have regular security updates include Netgear, Linksys, and D-Link. Another effective practice is to ensure all updates and patches are applied to the devices connected to the network. Gaining control of one device on the network, especially an older, forgotten machine, gives an attacker a foothold to move on to other, more valuable targets. If you're not using a computer or other device, turn it off, or at least disconnect it from the internet, if possible. Choose a strong administrator passwordMost routers require an administrator password to access the setup and configuration settings. However, the default passwords for these routers are generally weak, and some have none at all. You should change the default password to something strong. Once you have set up your wireless network, you will probably not need to use this password frequently, so you can use a very strong password without worrying about the difficulty of typing it in. If you do lose the password, you will have to reset the router to factory settings and set up your network again. You may wish to consider passphrase vaulting to store these passwords. Some routers will also let you change the administrator name; this is another good way to protect the security of your WLAN. Disable remote administrationMany wireless networking routers offer the ability to allow administration of the router remotely, from anywhere on the internet. Unless you require remote administration and are very familiar with WLAN administration and security, it's a good idea to disable this feature. Otherwise, anyone connected to the internet could conceivably gain administrative access to your router and network. Use encryptionFor best security, you should enable or set an encryption password. All Wi-Fi equipment will support a form of encryption; you should choose the type that is most secure and will work across all the devices you need to connect. If possible, use WPA3 (Wi-Fi Protected Access). If you are using a home wireless network, you should choose WPA3 Personal. Some older devices may be unable to connect to a WPA3 network; in these cases, use WPA2. There are still some old devices that may not even be able to connect to a WPA network, and will require WEP (Wired Equivalency Privacy). While WEP encryption is slightly better than none at all, WEP is not considered secure, and you should avoid using it. Change your default SSIDYour SSID (Service Set Identifier) is the name of your network. Most commercial products have a default name (for example, Linksys routers are usually set to "linksys"). You should change this default name to a unique, robust name, preferably a longer one with letters and numbers. Your new SSID should not contain sensitive or personally identifiable information such as your name or address. Use MAC address filteringMAC addresses are unique to each network adapter, whether wired or wireless. Most wireless routers offer some sort of MAC address filtering, which will limit access to your wireless network to specifically allowed devices. Specifying permitted MAC addresses can be time-consuming, especially if you have many wireless devices or change them frequently. Also, a knowledgeable hacker can easily spoof or fake a MAC address, so you should not rely on filtering to protect your WLAN. Because MAC addresses are so easily spoofed, security experts do not consider MAC address filtering a viable security practice in isolation, but it may still be worth adding to the other steps described above. Related documentsWhy is security so important in wireless networks?WIFI security prevents unauthorized users from accessing your WIFI and stealing any data. It creates a barrier by encrypting your private data, like network requests or files you send, as they are broadcast over airwaves.
What are some security issues to consider when setting up wireless networks?The three most common WLAN security threats include: denial of service attacks - where the intruder floods the network with messages affecting the availability of the network resources. spoofing and session hijacking - where the attacker gains access to network data and resources by assuming the identity of a valid ...
Why do we need to configure a wireless network?Security is always important; with a wireless network, it's even more important because your network's signal could be broadcast outside your home. If you don't help secure your network, people with PCs nearby could access info stored on your network PCs and use your Internet connection.
|
