Wi-Fi Security for homes

by Nikhil Joshi

N

ot too long ago, there was a time when there was one desktop at home and the head of the house would poll the machine time between each member in the house.

Today a typical urban household contains at least one laptop for each earning member, leaving out the old desktops for the kids to fool around with.

The need for Wi-Fi comes in at this point, where each machine needs Internet and tedious wiring is to be avoided at all costs, which includes breakage in crimping and the prohibitive costs in purchasing a switch/router apart from the modem required for using the internet. Also comes in the cost of meters and meters of CAT-6 cable and casing-capping them to make it look neat (in case you never got concealed cabling done in the first place).

These were the obvious demerits of wired networks; the more non-obvious ones are limited number of users, and assigning network address for each machine in the network.

As an argument it can be said that the last two flaws are available for wireless networks also; in fact those two are the most serious flaws of an unsecure network.

So you finally bought your Wi-Fi modem-cum-router, and you are in an obvious hurry to get it working; here our problems begin.

Remember a Mr. Haywood? Whose Wi-Fi took him wayward? Yes. We are willing to admit that our Wi-Fi is unsecure and can land us behind the bars.

Before we begin, let us remember that no network is 100% secure. Nobody gives any guarantees; not even the guy who developed the WPA (Wi-Fi Protected Access) algorithm. Our only choice is “Constant Vigilance” as Mad Eye Moody would say.

Following are the steps we can take to keep our home networks secure from unwanted intrusion.

• 1. Positioning the router:
• First things first. Never position your router near a window or a door, which will increase its external range and make you vulnerable. Place the router in such a way that it’s in the center of your house, so that you can get full signal in any corner and unwanted publicity is reduced.


• 2. Enable firewalls:
• Both, computer and the router have inbuilt firewalls; the basic setup should begin with enabling them. No machine should have their firewalls disabled.


• 3. Assign Static Address:
• Generally all the networks these days use DHCP, dynamic host control protocol; this protocol assigns free IP addresses automatically to the machines which enter the network. These IP’s ideally begin from 192.0.0.0 onwards. If you have a client server setup at home, then you can tell the professional to change this to manual addressing technique. This would give you two positive points; first, each machine entering the network would be under your explicit control. Secondly, you can start the IP address range from what you wish and it need not begin from 192.0.0.0.


• 4. Change default administrator passwords & usernames:
• At the heart of all Wi-Fi home networks is modem/router. For initial setup of equipment, manufacturers provide administrative interface which allows the owner to enter into the router, which is usually done through a browser at a default IP address. This is the low level entry barrier which, if broken can give the hacker complete control to your network. So administrator password should be changed without fail. Also the same thing goes with the user name. In most cases, the username admin is the default; changing that gives you better chances of protecting yourself.


• 5. Turn on Encryption:
• Once you enter the administration area of the router, you have to generally carry out a basic setup in which you need to specify whether you need encryption or not. Most of the home users, who do a setup on their own, have no idea of the types of encryption available and their compatibility issues. I already mentioned WPA, and then there is WPA2 which is an advanced version of the same and WEP. Our aim is to select the highest possible encryption technology which our network can support without any compatibility issues.


• 6. SSID:
• an SSID is the name of a wireless network. All wireless devices on a network must employ the same SSID in order to communicate with each other. It stands for Service Set Identifier. If you are using a Linksys router, your default SSID would be ‘linksys’. In case we do not change the SSID, it gives a wrong signal to the hacker, saying, we are not conversant with the details and his/her entry would be easier. There are a specific set of hackers called ‘wardrivers’ who scan for such default SSID’s so that latching on to them becomes easier.


• Apart from changing the SSID from default, there is one more aspect we have to take care of; there is a default setting in the router, which enables broadcasting of SSID. This should be disabled, as it would be an internal network and the neighbors would not know the SSID which is being used.


• 7. Enable MAC Address Filtering:
• Each piece of hardware which is used has a unique MAC Address, which is used for identification purposes. In your computer, your LAN card MAC Address is used to identify your machine. Since this is a home network, and there is a consistency in the number of visitors, it is safe to enable the filtering of unknown MAC Addresses. It gives only a basic level of safety as MAC addresses can be duplicated easily.


• 8. Turn OFF when not in use:
• Since this is a home network and not a commercial one, there is no need for the network to remain active 24x7. You should make it a point to turn it off when not in use. So that accidental network discovery is avoided. It would also save the machine from unwanted power surges.