Tutorials > Firewall - protect your computer & network > How to lock down your network from snoops, hackers and war drivers
How to lock down your network from snoops, hackers and war drivers
written by Travis Whidden
Let's face it, wireless rules. The ability to sit outside on the patio with the notebook and surf the internet while watching the babes walk by on their way to the beach is a techie's dream come true. However, if you don't take the proper steps to secure your wireless network, that dream can turn into a nightmare. Unless you want to leave your network wide open to visitors, neighbors, data thieves, war drivers, hackers, snoops, etc., you absolutely must take security measures to lock down your wireless network.
How tightly you want to lock down your wireless network depends on your level of paranoia. To help you out we have prepared a step by step how to on locking down your network from unwanted attacks. To serve you better we rated the important of each security protocols on a scale of 1 to 10 with 10 being the most important. Doing all the steps listed here won't make your wireless network hacker proof but it will greatly reduce the risk of a security breach.
Firewall - Importance: 10
Setting up a firewall is a must for any wireless network. A Firewall keeps out the bulk of attacks against your network from hackers and those really mean scripts like the blaster worm, which still regularly attacks open networks. The Blaster doesn't care if your network is big or small; if you're connected to the internet, chances are the worm will find you so it's ultra important that you take action to stop it.
Almost every router today has a built-in firewall and they're normally turned on by default so you shouldn't have to fool around with it. Just be sure not to turn it off by accident.
Changing The Default Password - Importance: 10
This is like a no brainer step but so many people don't do it. It goes without saying that a password of admin or 1234 isn't going to trip up a lot of hackers. Yet many users never bother to change it. We have lost track of the number of time we have discovered a completely open network with the default password still in place. We could have logged into the router, changed the password and enable encryption plus some of the other security measures and completely lock the owner out. The renders his brand new Wi-Fi router useless to him.
The first thing you should do when setting up a new wireless router is to change the password to something less obvious than 1234.
Encryption - Importance: 10
One of the most important pieces of wireless security is also one of the most daunting for the average user. However, fear not, as we will explain how easy it is to configure encryption on your wireless network.
What encryption does is garble up the data going over the wireless network to prevent hackers and snoops from understanding the intercepted data. Passwords and credit card information might be encrypted when they go over the internet but they can be transmitted in the clear between your notebook and your router if encryption is not turned on. Because of this it is crucial that you have encryption enable.
Most wireless routers have two type of encryption: WEP and WPA. WEP is the original Wi-Fi encryption system. WEP asks you to create a long key formed of hexadecimal characters. This key is entered into the router and the wireless clients. If the two keys match, the device can talk to each other and access is granted. Most router offers both 64-bit and 128-bit encryption. In theory, more bits equals more security. A 128-bit key is 26 character long, making it next to impossible to get your key by taking a wild guess.
WEP offers two authentication types: Open and Shared. Open means the any device can enter a valid WEP key to connect. Shared adds a layer of authentication to the encryption process and can be more troublesome than an Open system. Also not all devices support Shared key.
Turning on Encryption is quite easy for most router. Just log into the router admin and find the WEP setup. Then enter a Passphrase to create a 64-bit or 129-bit WEP key. Copy this key to your notebook and any other wireless devices you wish to have access to the router. Any war drivers doing a drive by will be locked out because they won't know the key. This doesn't mean they can't break in however. Hackers can crack WEP using a utility like AirSnort.
Depending on how much security you're after you may want to change the WEP key once in a while to keep those hackers at bay. Yes this is a pain in the neck but it's the only solution if you're using WEP. The other option is to upgrade to WPA security, but older devices will require a firm upgrade to support this standard. WPA improves on the WEP process by generating the key for you automatically and periodically changing it for you as well.
MAC Filtering - Importance: 5
MAC filtering is a really nice security method that lets you control exactly which laptop or wireless device can access the network. Using it is surprisingly simple; just input the MAC address of each network adapter on your network into the list of allowed devices. The router will deny access to anything else.
The downside to MAC filtering is it makes it more difficult to allow new users to the network as you will have to add a new MAC address for each new device you want to allow on the network. To find the MAC address of your notebook type ipconfig /all. The Physical Address entry is your MAC address.
While MAC address is unique to each machine, they can be a target for spoof attacks. If a hacker knows the MAC address of a system, he can duplicate or spoof that on another machine to gain access. Because of this you should not rely on MAC filtering alone to protect your WLAN.
Disabling SSID Broadcast - Importance: 5
The SSID is the name of your wireless network. Out of the box, your router will have a name like Linksys or default, so as a first step you should change the SSID name to something else (but don't call it the FBI or The Whitehouse unless you want to attract hackers like bees to honey). SSID broadcasting means that your router lets any wireless client within range know that a router is available. Clients are then given the option to attempt to connect to the router. If the router is completely open, anyone will be able to log on and do whatever they want.
The first step for war drivers looking for wireless networks to hack into is to find them. By turning off SSID broadcasting, clients have to manually enter the network name in order to discover it. Disabling SSID broadcasting is a good example of security through obscurity; if they can't find you, they can't hack you.
As an addition to encryption and other security measures, disabling SSID broadcast is a good idea. Sure, you'll have to enter your network's name when adding new computers, but it's probably worth the extra effort. Besides, having a stealth WLAN is kinda cool.
Changing The Router's IP Address - Importance: 3
Most router come pre-setup with the IP address 192.168.1.1. Your internal network will run on the dummy 192.168.x.x network. This is a convenient way to remember where the router is located. You can make it harder for hacker to find you by changing the last two digits of the default address. Any number that is under 256 will do. For example you can use 192.168.47.25.
The only problem this might create is that you may forget your router's new IP address. The easiest solution to do that would be chose two numbers that you know well or bookmark the IP address on the computer you use most to admin the WLAN.
Scheduling - Importance: 2
How would you like to offer free wireless access to your users during the day but lock the network down at nights and or weekends? Most routers let you set the day of the week and times of day during which wireless service is available.
You'll find this option under Schedule or a similar menu item. Once there, simple check boxes will let you configure days and times during which wireless service will be available or blocked. This effectively turn off your router during times when it shouldn't be used.
Similar Information from this category