Wireless network is relatively cheap to deploy, easy to setup and configure. In order to make it more secure following steps will be helpful.
Change the default password
Almost all wireless devices can be managed via a web interface that can be accessed by simply typing its IP address in a browser’s address field. While the admin interface is password protected, the default password set by the manufacturer is always the same. Anybody can download the manual from the manufacturer’s website, and get the default password. As a result, an intruder can hack our system.
Disable SSID Broadcast
The SSID is the name of the wireless network. In order to connect to a wireless network, its name needs to be known. By default, wireless gateways happily broadcast the SSID to be picked up by any wireless network device for easy configuration. Hiding the SSID by disabling SSID broadcast will make it much harder for an intruder.
Change the SSID
Disabling SSID broadcast doesn’t help much if the SSID remains the manufacturer’s default, which is just as easily found in the manual as the default admin password. The SSID should be changed to a custom phrase.
Enable encryption
Wireless devices support the wireless encryption protocol (WEP) with either 64-bit or 128-bit encryption. 64-bit encryption has been proven to be very weak and easily broken, 128-bit encryption is recommended. Encryption works by entering the encryption key on the wireless gateway as well as on the PC with the wireless card. All transmitted data is encrypted for the transfer between the two devices. If the encryption key does not match, the wireless gateway will not communicate.
Disable DHCP
Most gateway devices by default have DHCP enabled. This means that any new host on a network that makes its presence known and broadcasts a request for an IP address and TCP/IP configuration information will be automatically provided this information without questioning. This is very convenient for the legitimate user because it means real plug-and-play (minus the “plug” part since it’s wireless). However, it also makes it very easy for the intruder to connect to a wireless network.
While it is an inconvenience and requires more maintenance from the legitimate user, disabling DHCP and manually assigning static IP addresses creates another hurdle for the intruder.
Change the default subnet
Disabling DHCP doesn’t help much if the subnet remains the manufacturer’s default, which is just easily found in the manual. Most devices use the common default subnet of 192.168.0.0 with a subnet mask of 255.255.255.0. The subnet should be changed.
Use MAC address filtering
Each network adapter has a unique hardware address also called MAC address. The first half of the MAC address identifies the manufacturer of the network adapter, the second half identifies the network adapter. This hardware address is unique (more or less) for each network card. Most wireless gateway devices support MAC address filtering. The way this works is that the legitimate user creates a list and enters only the MAC addresses for network cards that he is aware of and that he wants to be able to access the wireless network. Only machines with an authorized MAC address are allowed to participate in the network.
Practice safe computing
Even though the network is private and hidden behind a gateway device with a firewall, common sense precautions still need to be used, like:
Use safe passwords for all user accounts.
Change passwords every month.
Password-protect any network shares.
Require a user login for all computers, disable the guest account.
Install Antivirus software on all computers and keep it current .
Install software firewalls on all computers .
Monitor log files such as event logs, firewall logs, antivirus logs, etc. for unusual activity
Conclusion
As documented in this article, there are many very valid reasons why all wireless networks should be secured. It is extremely easy to do so with not much effort and little time. A few minutes of reading the manual and a few minutes of changing settings could prevent a boatload of trouble in the future.
