WARNING – GEEK CONTENT AHEAD:
Since Windows XP SP2 is out and my machine is working a bit better, WPA [Wireless Protected Access] now protects my WLAN. Previously, when I had just purchased my 802.11b/g WAP and NIC [to replace my dying D-Link equipment which didn’t support 128-bit WEP much less the newer WPA standard] I attempted to configure WPA as a “best practice” for good security and privacy on my home LAN. However, it wouldn’t work. It kept forcing reconnects and dropping the link. Not to mention it could only barely perceive what would normally be a very strong signal.
Now, with a hardware flash and SP2 installed on my laptop, WPA is streaming along quite nicely. No interruption of service here! And, now, I’ve completely implemented what all WiFi network owners should as a matter of course – best-practice security procedures. What I’ve discovered and been told is that there are five very basic things one can do to improve the security of one’s wireless LAN.
First: Change the SSID from the default setting. Many home users [and I’ve seen them] have the SSID set on their WLAN to the factory setting – because they don’t know better. So, I’ve seen WLANs called “default” and “netgear” among others. So, call it something different like “Bob’s Wireless Network Zone” if that will fit. Haven’t tried one that long.
Second: Disable broadcast of SSID. This will keep others from being able to connect to your WLAN just by scanning the area [which Windows XP does by default] and clicking “connect”. They’ll have to guess it and type it in manually – a much more time-consuming process. They’ll eventually get bored and try your neighbor’s WLAN which is still called “default”.
Third: Enforce Access Control. Allow connections only from known MAC addresses. For those of you who don’t know, a Media Access Controller [MAC] address is a unique hexadecimal number given to the WLAN adapter. If you restrict access only to your MAC address, you disable connections of anyone who doesn’t happen to know your MAC address… Of course, if you’re resourceful enough, you can still “spoof” that.
Fourth: Implement the highest form of encryption you can. Before I got WPA working, I had to settle for 128-bit WEP which, while good, is not THAT good and fairly easy to crack. So – while people wouldn’t necessarily be able to connect to my WLAN, they could still grab my network traffic, decrypt it, and find out what I was doing. WPA, on the other hand, requires each packet to be decrypted separately since the key changes each time so that the effort of decryption is so great that all but the best of the best are deterred.
Fifth: Place the WAP in a location where the signal does not spread too far outside of your house or business. I’ve placed mine on the fourth floor so that you can barely get a signal from the ground – you’d have to be standing in my driveway to even get a signal.
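The five steps above can be checked against an access point's settings in one pass. The Python below is an added example, not part of the original post; the key=value export format, its key names, the sample values and the -80 dBm outdoor threshold are all assumptions made for illustration.

```python
import re

# Constructed sample of an access-point settings export; the key=value
# format and every key name are assumptions made for this example.
SAMPLE_CONFIG = """\
ssid=netgear
ssid_broadcast=on
mac_filter=off
allowed_macs=00:11:22:33:44:55, 00-11-22-33-44-5Z
encryption=WEP-128
outdoor_signal_dbm=-58
"""

FACTORY_SSIDS = {"default", "netgear"}   # the two factory names the post mentions
# Only the modes the post discusses; unknown values are unranked and get flagged.
CIPHER_RANK = {"none": 0, "wep-64": 1, "wep-128": 1, "wpa": 2}
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.I)
WEAK_SIGNAL_DBM = -80   # assumed cut-off for "barely a signal" outside


def parse_config(text):
    """Turn key=value lines into a dict, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip().lower()] = value.strip()
    return cfg


def audit(cfg):
    """Return the numbers (1-5) of the steps above that the settings fail."""
    failed = []
    if cfg.get("ssid", "").lower() in FACTORY_SSIDS or not cfg.get("ssid"):
        failed.append(1)   # SSID missing or still at a factory name
    if cfg.get("ssid_broadcast", "on").lower() != "off":
        failed.append(2)   # SSID is being broadcast
    macs = [m.strip() for m in cfg.get("allowed_macs", "").split(",") if m.strip()]
    filter_on = cfg.get("mac_filter", "off").lower() == "on"
    if not (filter_on and macs and all(MAC_RE.match(m) for m in macs)):
        failed.append(3)   # filter off, list empty, or an entry is malformed
    if CIPHER_RANK.get(cfg.get("encryption", "none").lower(), 0) < CIPHER_RANK["wpa"]:
        failed.append(4)   # weaker than WPA
    try:
        if float(cfg["outdoor_signal_dbm"]) > WEAK_SIGNAL_DBM:
            failed.append(5)   # signal still strong outside the building
    except (KeyError, ValueError):
        failed.append(5)   # no usable measurement, so the step is unverified
    return failed
```

Calling `audit(parse_config(SAMPLE_CONFIG))` on the constructed sample reports all five steps as failed; the malformed second MAC entry alone would be enough to fail step three even with filtering switched on.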
Okay – now I’m “as secure as WiFi can be”. Which is to say, I’ve done all I can and if someone truly wants to break in and has the knowledge and expertise, I can’t stop them. But then again, they could do that through my hard line link. But, of course, who would want to?
So, now what am I doing? I’m working from my living room instead of my office. I needed more flat table space to fill out some forms for my project than I had in the office, so I’m sitting at the table all encrypted and stuff – no wires but the power cable. It’s nicer up here…