With the introduction of the IEEE 802.11n draft, wireless router transmission speeds have made a qualitative leap. However, many users focus solely on speed while neglecting wireless network security. Take myself as an example: from my apartment balcony, I can detect seven or eight wireless connections, some without any password at all, allowing me to easily “share” their network bandwidth. According to surveys, 90% of network intrusions occur because the wireless router has not been configured with the appropriate security settings. The following introduces several basic security setup methods that can help you avoid most threats.
1 Disable the DHCP Function
DHCP stands for Dynamic Host Configuration Protocol. Its main function is to help users randomly assign IP addresses, saving them the trouble of manually setting IP addresses, subnet masks, and other required TCP/IP parameters. While this is a user-friendly feature, it is often exploited by malicious individuals. The DHCP function on typical routers is enabled by default, allowing all wireless devices within signal range to automatically obtain an IP address, which creates significant security risks. Attackers can easily obtain a lot of information about your router through the assigned IP address, so disabling the DHCP function is very necessary.
2 Wireless Encryption
Many wireless routers now feature wireless encryption, an important protective measure that secures transmitted data by encrypting it over radio waves. Typical wireless routers or APs support WEP and WPA encryption. WEP generally includes 64-bit and 128-bit encryption types; you only need to enter a string of 10 or 26 hexadecimal characters as the encryption password to protect the wireless network. The WEP protocol encrypts data transmitted wirelessly between two devices to prevent unauthorized users from eavesdropping or intruding into the wireless network. However, WEP keys are usually stored in Flash memory, so some hackers can exploit vulnerabilities in your network to easily gain access.
WEP encryption appeared earlier and has now largely been upgraded to WPA encryption. WPA is a standards-based, interoperable WLAN security enhancement solution that significantly improves data protection and access control levels for existing wireless LAN systems; WPA strengthens the algorithm for generating encryption keys, making it nearly impossible for hackers to calculate the common key even if they collect and parse packet information. The advent of WPA makes network transmission more secure and reliable.
It should be noted that the wireless encryption function on most routers is disabled by default from the factory. If you forgo this function, your network becomes an extremely insecure one. Therefore, the author recommends that you enable this function after setup.
3 Disable SSID Broadcast
Simply put, the SSID is the name you give to your wireless network. When searching for wireless networks, your network name will appear in the search results. If an attacker uses common initialization strings to connect to the wireless network, it is very easy for them to invade your wireless network. Therefore, the author strongly recommends disabling SSID broadcast.
Also, note that the default SSIDs for specific models of access points or routers, such as “netgear, linksys, etc.”, can easily be found online, so you must change them promptly. For a typical home user, choosing a distinctly different name is sufficient.
After disabling SSID broadcast, you will find that when searching for wireless networks, the network is ignored by the wireless network card because no SSID broadcast is being made. Especially when using Windows XP to manage wireless networks, this achieves the goal of “hiding in plain sight,” making the wireless network undiscoverable. Although disabling SSID broadcast slightly reduces network efficiency, security is greatly improved, making it very worthwhile.
4 Set Up IP Filtering and MAC Address Lists
Because each network card’s MAC address is unique, you can enhance security by setting up a MAC address list. After enabling the IP address filtering function, only users whose IP addresses are in the MAC list can normally access the wireless network; others not on the list naturally cannot connect to the network. Additionally, be sure to select the “Only allow access to the wireless network for MAC addresses that are activated in the established MAC address list” option in the “Filtering Rules,” or else the wireless router will block all users from connecting to the network. This method is very practical for home users. Simply add the number of computers you have at home to the list, which can prevent neighbors from “piggybacking” on your network and thwart intruders.
5 Proactive Updates
Search for and install the latest firmware or driver updates for your wireless router or wireless network card to eliminate previously existing vulnerabilities. Also download and install updates for your operating system related to wireless functionality, such as Windows XP SP3 or Vista SP1, etc., to better support the use and security of your wireless network and equip your devices with the latest features.
Also, a reminder: if you forget the password you set, you can restore the device to factory defaults by pressing and holding the reset button, but you must remember to reconfigure the settings afterward.
As wireless network speeds get faster, wireless networks should also become more secure. In fact, simply performing the few configurations described above can significantly raise your security level. A wireless network environment is not just about getting connected; doing your security homework thoroughly allows for more peaceful and enjoyable usage. Although the methods introduced above are simple, they are very practical. If your wireless router has not yet implemented these methods, the author strongly recommends that you go and apply these settings now.
[Editor’s Recommendations]