Securing your wireless internet at home is pretty important–unless you like to give those around you the gift of free internet while you foot the bill! To some, setting up a home wireless connection is easy, but the security aspect of it seems too daunting to attempt. Sadly, those people end up, more than likely, having their bandwidth taken and sometimes their personal information stolen all because they didn’t take the time to properly secure their home network. These are the people I hope to help in this post. There are a few different ways to go about securing your wireless network and I want to go over those briefly today. As always, questions are welcome in the comments section or via email.
Using a Pre-shared Key. This is a popular method due to its seemingly impenetrable security. To some it would seem impossible for a hacker to break through their special key that they randomly generated. The reality is if people outside of your home can even pick up the wireless signal, it is possible for them to do a combination of packet-sniffing/brute force attack to figure out your pre-shared key and get into your wireless network. While it’s not entirely likely that someone would go through this type of trouble to get into your home network, it is possible and shouldn’t be overlooked–especially if you do a lot of online banking or online purchasing. Another thing to keep in mind is if you have a lot of guests that use your wireless. You don’t want to have to tell everyone that comes over your unique passphrase, especially if it’s supposed to be secret!
Forcing the Signal to Not Broadcast. While this is a good idea in general, it should not be used alone with no other security. When you first get a wireless device, they come preset with an SSID (Service Set Identifier). If you leave this set to the default (which you should never do!), say “Linksys”, anyone who already has a wireless network set on their computer, or phone, with the name of Linksys, will be able to pick up your network. Once they do that, and you have no other security, your network has been compromised. Even if you do combine this method with the use of a pre-shared key, the dangers listed above still come into play once the name of the network has been discovered. It’s also worth noting that even if you set your SSID not to broadcast, tools like netstumbler and kismet will still find your SSID and display it to the nefarious hackers. That being said, this is simply an obscurity tool to reduce the number of people who see your network by turning on their wireless card. It will not stop a determined hacker.
MAC Address Filtering. This is a good choice, but, again, it should not be used alone. If you simply enable MAC address filtering, but don’t obscure the SSID of your wireless router, you are subject to MAC address spoofing incurred by packet-sniffing. This method can be a pain for the administrator of the network (you), but it is probably the most secure. The MAC address (also known as a physical address) for a computer is very similar to a mailing address unlike the IP address, which is more similar to a phone number. When using this method, you control specifically what computers are allowed on your wireless network. This information is contained in a list stored on your wireless router. It is up to you to keep this up to date and any new computers must be added before they are granted access to the network.
My Method. When I set up wireless networks for people, including my own, I use a combination of MAC address filtering and setting my wireless router not to broadcast. To me, this is the most secure method and ensures that no one can get on my network unless I am aware of it. It makes it easier on friends and guests that come over in that I don’t have to give them some long, randomly generated or personal phrase to get on my network that may fall into the wrong hands. All I have to do is get their device for a second and pull the information needed (MAC address), or have them do it. To find the MAC address of a computer, all you have to do is the following:
- Open a CMD prompt (windows key + r or Start > Run on windows and type “CMD” in the Run window).
- In the black window that comes up, type in this: ipconfig /all
- Locate your wireless network card (most computers have 2, a wired connection and wireless) in the list that comes up and find the line that says “Physical Address”. It will be a 12 digit string similar to: 00:11:22:33:44:55
Once I have their MAC address, I simply take the string from step 3 and store it in my router. Where this goes will depend on the router. On my old Linksys, it is under Wireless > Wireless MAC Filter. Don’t forget to make sure MAC filtering is enabled as well and that “Permit Only Listed PC’s” is selected. This will ensure that no other devices can access the wireless network except for the ones in the allow list. Don’t forget, if you have an XBOX, Wii, Playstation, etc. that uses wireless, you will have to get those MAC addresses as well and store in your router.
Overall, securing a home wireless connection is pretty simple and shouldn’t be considered daunting. It mostly just takes a little forethought and planning to keep those unwanted guests out. Keep in mind, too, that no method is completely fool-proof, but the more you obscure your network, the less likely it is that someone will want to spend the time trying to get into your network. For me, it’s all about the feeling of control and ease of allowing new guests onto my network. The method I use would be ideal for any home or business in which the main administrator is comfortable with making the necessary changes (2-5 minutes) for each new device that must be on the network.