Friday, October 07, 2005

No more free access for you...

What if I told you that your neighbors were all accessing your cable TV and using it for free? How about your telephone service? Or your cell-phone service. Would you care?

What about if it wasn't limited to your neighbors - and anyone driving down your street could use your services.

Would you spend the ten minutes, if that's all it took, to fix your problem and stop the freeloaders, or would you just let them all use your services - and assume they'd all use it legally?

My guess is that the overwhelming response would be "Of course I'd stop them. What are you, some kind of idiot?"

But many people, probably a good 20% of all households with wireless internet access (based on the networks I see wherever I go), are sitting there today with wide open networks, available to the world when all it takes is a few easy steps to lock it down.

Don't feel bad though, the hardware providers leave a lot to be desired when it comes to informing you about security. All security features are listed as "options", and for many home users, that means it's something hard to do that I don't really need.

Well, it's not that hard to at least get a modicum of security. Below we'll focus on the three easiest things to do, in order, to at least get you off the "free and easy" list.

Stop broadcasting your SSID

Your wireless router has what's called an SSID (Service Set IDentifier). This is the unique name that your router will be called when it appears on a list of available networks in your network listing. Unfortunately, most people make two mistakes regarding the SSID. First, they don't rename it and second, they broadcast it.

Naming your SSID is important. If you don't, then instead of being "unique" to you, it appears, for example, as "linksys" in your list - and you may also have 5 other neighbors whose networks are called "linksys". So, rename yours. Then, once you've renamed it, turn of the SSID broadcasting. What that means is that someone needs to already know the SSID in order to connect, it will not show up in the available networks listing.

For you, that shouldn't matter - it's your router and you can remember the name (and you only need to know it the first time you connect, at which point it's stored for you). For everyone else, they don't see it - so they can't select it for use. You may think that's enough security, but in reality this only protects you from the most novice of users (which may in fact describe your neighbors), and it doesn't really secure your network. If someone guesses your SSID (for example if you made it your last name), then they can still get right in. But, it's still your first line of defense, and much better than nothing at all.

Get WEP'ed

The next level of protection is adding encryption to the wireless connection. There are several types of encryption available, depending on your router, but the most common is still WEP - which comes in two versions: 64-bit and 128-bit encryption. But what does this mean?

Basically, it's very simple. You set up a passphrase on the router, and then you store the same passphrase in the network connection settings on your wireless connecting computer (laptop or desktop). When any computer then tries to connect to your network, the router verifies this encrypted WEP passphrase. If it's correct - as your computer will be - then the router lets you connect. If it's not - like your freeloading neighbors - then they're not allowed to play. Easy, but effective.

Again, this is not foolproof, and a good hacker can get around this - but for the vast majority of users, this is plenty of protection. But if you want to go one step further...

A MAC is not a Mac

The next level of security, which can truly lock down your network, is to use what's called MAC Addressing. No this has nothing to do with an Apple computer. A MAC address (Media Access Control address) is a unique identification number that is assigned to every wireless device. Your router has a MAC address, as does the wireless card in your computer - it's like the serial number for that specific piece of hardware.

To greatly improve your wireless network security you can set your wireless router to talk only to computers with specific MAC addresses. To do that, you will need to go into your router's configuration program and enable MAC Addressing. Then you enter the MAC addresses of the computers you wish to allow to connect to the network.

The MAC addresses of your computers are easily found, for both Mac or PC. For a PC, open a Command Prompt window and type "ipconfig /all" and then look for the "Physical Address" of your wireless card. For a Mac, open System Preferences and go into Network preferences. Make sure your Airport card is selected in the "Configure" pulldown and then select the TCP/IP tab. Your MAC address is listed as the "Ethernet Address."

You must add en entry in your router's configuration for each wireless device you want to allow to access your network.

That's it. Oh yeah, and don't forget to change the default username and password for your router's admin/configuration login. Otherwise, if a hacker was able to get onto your network, they could very easily take control of the router and lock You out!

So, take a few minutes and make your wireless network safe. Otherwise, you have no one to blame but yourself for the consequences.


At 8:55 PM, Blogger N.J. said...

Well, a lot depends on the specific router, because the screens where you set these things are different from router to router.

But for all of them, you change the settings on the router by logging in to it through a web browser.

Each router has a specific IP address that you can get to when it is connected to your computer (via ethernet cable). So, for example for many Netgear routers you open IE and then go to address and that opens the configuration program.

You will be asked for a username and password. If you've never been there before, use the defult values. The default values will either be printed on a tag on the bottom of your router, or they will be listed in your users guide.

Once you're in, look for the "Wirless" settings and you should find everything you need right there. There should be a field for the SSID, a checkbox for broadcasting the network/SSID, settings for WEP, etc.

And, this should all be in the users guide for the router.

Good luck!

At 1:03 PM, Blogger N.J. said...

Jeff, No, you don't want the IP address of the ethernet in your computer (that's what you get when you type ipconfig). You're looking for the Router's IP address.

Again, the appropriate IP address for the router should be printed on the bottom of your router.

Yes, you need to be connected to the router via ethernet, not wireless. There is no way you *can* connect to it via wireless before you configure it - and you don't want to configure it via wireless because any change you make will automatically disconnect you because the wireless settings change, and you won't be able to complete the operations.

At 8:44 PM, Blogger Unknown said...

Good information. Lucky me I discovered your site by chance (stumbleupon). I have book-marked it for later! mail login sign


Post a Comment

<< Home