Earlier this week, I had to help my friend set up his wireless connection at home. He wanted to be sure it was as secure as possible and that he would not have to worry about configuring his laptop every time he connects.
Here is how I configure a wireless router every time I set up a wireless network.
Change the Default Administrator Username and Password
Firstly, this is just good practice for ALL hardware and software. The default passwords are easily obtained, and because so many people do not bother to take the simple step of changing them, they are usually what hackers try first. I changed the default password on the router to a complex one.
Disable SSID broadcast
Service Set Identifier (SSID) is a name used to identify a wireless network. Though disabling SSID broadcast does not provide in-depth security, it does help protect from worms and viruses that spread by scanning for broadcast SSIDs. It also acts as a first level of protection against casual wireless network scanners.
Note: SSID broadcast needs to be enabled every time a new client needs to connect to the network. Though MS Windows has an option to say “Connect to the network even if it is not broadcasting”, it does not connect the first time a client is configured to connect to the wireless router. Once configured, a client will automatically connect to the wireless network even when SSID broadcast is disabled.
Restrict access by MAC address
My friend uses a laptop and a desktop at home. I configured the router to allow *only* the MAC addresses of this laptop and desktop to connect to the network.
Use WPA2-PSK encryption
Obviously, I did not want to use WEP because of its weaknesses. WPA2-PSK is the best available option and uses the Advanced Encryption Standard (AES). WPA2-PSK stands for Wi-Fi Protected Access version 2 – Pre-Shared Key. I configured a network key that is tough to guess or crack.
Note: If you use Windows XP with SP2 on it, chances are that WPA2 support might not be available on it yet. Install the Microsoft Patch KB893357 to have Windows XP support WPA2.
Disable default remote administration settings
I restricted the wireless router's admin console so that it can be accessed only from the IP address of the desktop (through the wired connection).
What other steps do you usually take to securely configure a wireless network?