|
Wireless networks allow users within a broadcast range of 'hotspots'
to connect to a network or the internet without the need for cables
- assuming they have the correct hardware. You can now purchase
components to build your own wireless network at home from most
large computer retailers.
However, having an unsecured or improperly configured wireless network
is much like leaving the back door to your house wide open. It means
anyone can wander in and do or take anything they want, and stand
a good chance of ignoring all the other security precautions you
have in place in the process.
Wireless networks involve sending packets of information through the air,
and in its most basic form, these packets are in plain text. Consequently,
it is possible for anyone within your hotspot with a wireless computer to
'sniff' (tap into) these packets. If they are in plain text, this means they
can read any of the information being transmitted - including your emails,
usernames and passwords, credit card details, etc.
An unauthorised person with a wireless computer can also potentially steal
your network bandwidth to obtain free Internet access which can slow down
your access to the Internet. They could also use it to launch attacks against
other computer systems or download illegal material, which could then be traced
back to your network.
Recommended Security Measures
There are several steps you can undertake to deter most hackers. Here are
the minimum security measures that ITS recommends for your home wireless network.
Of course, more security conscious individuals can look up further instructions
on the internet to provide further security for their networks.
-
Encrypt your wireless network
Encryption scrambles the packets of information sent over a network,
making it impossible to read without decrypting (or unscrambling)
them.
All wireless stations these days include some form of encryption.
WEP, WPA, WPA2, etc. Given the prevalence of hacking tools for
wireless, ITS strongly recommends you configure the highest
level of encryption available to you. Check the documentation
that comes with your wireless card and router for more information
on how to do this.
-
Adjust the default settings of your wireless network
Often people leave the settings of their equipment as the manufacturer's
default. This represents an enormous security risk, as many hackers
know common manufacturer settings and will often try them, knowing
that many people will not change them.
If they are successful, intruders can use your network to steal
your bandwidth, rack up Internet charges that you must pay for,
or worse still, monitor your activity or use your network to launch
attacks on other computer systems (which would then be traced
to you).
Some of settings are also often mistakenly adjusted under the
presumption "more is better" - especially with regards
to broadcast strength. In the case of wireless networks, this
is patently false and represents significant risk that it might
allow unwanted third parties to connect to your network.
-
Maximum range:
A lot of people configure their wireless access points (WAPs)
to have the highest signal strength to provide maximum range.
If you only want coverage within your house, a lower setting
may be all that is needed. A higher range means that your
hotspot could spread outside your house and possibly beyond
your property. Anyone within the hotspot range can potentially
abuse your network.
-
Server Set ID (SSID):
Another default setting commonly left is the SSID, which is
a special codeword the WAP has. Anyone who knows this code
can use the wireless network. All WAPs come with an SSID -
each manufacturer has its own default values.
Unfortunately, most hackers know these default settings. Therefore,
if you don't change the SSID then there is a good chance a
hacker can connect to your WAP easily. Like passwords, it
is recommended you change the SSID to something that is not
easy to guess.
-
Administrator passwords:
Many people also use the default administrator password for
the WAP rather than changing it. Much like the SSID, you need
to change the password to prevent people from just walking
in and using your network.
As with your Monash password, it is best to have a password
that is not easy to guess and is not in a dictionary.
How long will this take?
While this all sounds like a lot of work, it should only take less than
an hour of your time. The instructions should be clearly outlined in the documentation
that came with your wireless equipment. Making these changes will help give
you peace of mind that your network is secure and unlikely to be the target
of abuse.
There are many different wireless routers and devices on the market and ITS
is unable to provide detailed instructions for all of them. Nonetheless, the
above information should be sufficient to aid you in configuring your network
accordingly.
Refer to the user manual that came with your wireless router or refer to
the manufacturer and their respective website for detailed instructions.
|
