Since a wireless network uses radio signals instead of wires to connect the different systems to your network, it is important to remember that the signal does not end within your house; it can reach across the street to your neighbor's house, or to a car parked down the street - where someone with a laptop can receive it. Not securing your wireless network is like leaving the front door open to your home: it might give someone free access to your broadband connection which might slow your network down, or it might give them access to the personal data and content on your computer's hard disk drive.
These simple, straightforward steps will help you improve your wireless network security. In order to implement these steps, you will need to access your router configuration utility. Typically, this can be accessed from a browser (like Microsoft Internet Explorer, Netscape, or Mozilla Firefox) by typing the IP address of your wireless router into your browser's address field. These procedures vary slightly on products from different manufacturers so you will need to refer to the documentation that came with your wireless router or wireless access point for step-by-step instructions on how to perform the following items.
- Do not broadcast your SSID if possible.
Every wireless network is assigned a name called a service set identifier (SSID). The SSID differentiates one network from another so that multiple independent wireless networks can operate in the same physical area. Most wireless routers broadcast the SSID. Potentially, an intruder can use software to sniff out this SSID as a first step to logging onto your network. You may be able to configure your wireless router so that it does not broadcast your SSID, making it difficult to detect. Not all wireless routers or access points support this feature, especially older ones. Even if you do not broadcast your SSID it is still possible for someone to capture your wireless communication and get the SSID from there. Hiding your SSID may not be a perfect method to secure your network, but it is still good practice to hide it.
- Change the factory-default service set identifier (SSID).
Wireless router manufacturers often set the SSID to a default value. Even if your router is not broadcasting your SSID, intruders may be able to find it by trying default settings. These default settings have become well known (many can be found on the Internet), so leaving the default setting may allow intruders to access your wireless network. Do not use any personal identifiable information in your SSID; instead, use something less personal that you will remember. Also note that the SSID is case-sensitive in most cases so if you want to be really cautious, use a combination of upper and lower case letters. If they are allowed, you may want to add some numbers as well.
- Change the default password.
Since the default passwords for most brands of wireless routers are published on the Internet where anyone can find them, you should change your password. A secure password should use a combination of numbers and letters and be at least 8 characters long.
- Enable encryption.
This is the single most important step in securing your wireless communication. Wireless Protected Access - Pre-Shared Key (WPA-PSK) is the suggested encryption method for a home network. If your equipment is compatible with WPA-PSK, your key can be up to 63 characters long, but 8 to 12 characters should be sufficient. If WPA-PSK is unavailable, you can use WEP. WEP is not quite as secure as WPA-PSK, but it still provides some protection. Whichever encryption method you employ, you will be prompted to enter in a string of characters to use as an encryption key. Some wireless routers require the use of hexadecimal encryption keys instead of alphanumeric.
- Use a software firewall on all computers connected to your network.
A firewall is software or hardware that isolates your system or network from unauthorized network traffic. Though most wireless routers already have a hardware firewall to prevent outside attempts to get into your network, it is a good idea to run firewall software on every computer as well. This is another line of defense against an unauthorized computer that might have slipped passed the wireless router by appearing as just another trusted system within your network. This will not keep them from using your Internet connection, but it should help keep them off your hard disk drive. A software firewall will also protect your system from spyware and some viruses, but is not a replacement for antivirus programs. Several firewall programs have a free version for noncommercial use. Although Lenovo does not endorse any third-party firewall software, some of the more popular ones include ZoneLabs ZoneAlarm and Norton Firewall.
- Limit access to shared files and folders on your computers.
Set passwords on file shares and provide access only to authenticated users. You can then set up the same user accounts on each of your machines so that your own computers can still share files easily.
With these six steps you can protect your network, your data, and your privacy from the casual would-be intruder. If someone is really determined to gain access to your network, however, there are no guarantees. The good news is that, with wireless security as lax as it is, if you provide basic security for your network, intruders will likely move on to easier targets.