Protect Your Wireless Network
How does a wireless network work?
As its name implies, wireless networks (sometimes called WiFi) allow you to connect to the Internet without wires. If your home, office, airport, or even local coffee shop has wireless connectivity, you can access the internet from anywhere in the wireless area.
The wireless network relies on radio waves instead of wires to connect the computer to the Internet. A transmitter called a wireless access point or gateway is connected to the Internet connection. This provides a “hot spot” for connecting via radio waves. Hotspots have identification information, including items called SSIDs (service set identifiers) that allow computers to locate them. Computers with wireless cards and access to wireless frequencies can make use of the internet connection. Some computers may automatically recognize the wireless network in an area, while others may ask you to find and manually enter information such as SSID.
What are security threats associated with wireless networks?
Because wireless networks do not need to connect wires between computers and Internet connections, an attacker in scope may hijack or block unprotected connections. The practice known as wardriving involves personal provisioning of computers, wireless LAN and GPS device drivers by searching the wireless network for areas and determining the exact coordinates of the network location. This information is usually posted online. Some individuals involved in or using wardriving have malicious intentions and can use this information to hijack your home wireless network or intercept connections between your computer and certain hotspots.
What can you do to minimize the risk of wireless networks?
- Change Default Password – Most network devices (including wireless access points) are pre-configured with a default administrator password to simplify setup. These default passwords are easy to find online, so they do not provide any protection. Changing the default password makes it harder for attackers to control the device (see Selecting and Protecting Your Password for More Information).
- Restrict access – Allow only authorized users to access your network. Each hardware connected to the network has a MAC (Media Access Control) address. You can restrict or allow access to your network by filtering MAC addresses. Please consult your user documentation for specific information on enabling these features. There are several other technologies that require wireless users to authenticate before they can access the network.
- Encrypting data on the network – WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) encrypt information on wireless devices. However, there are some security issues with WEP that make it less effective than WPA, so you should specifically look for devices that support encryption using WPA. Encrypting data will prevent anyone who may have access to your network from viewing your data (see Understanding Encryption for More Information).
- Protect Your SSID – To avoid outsiders having easy access to your network, avoid publishing your SSID. See your user documentation to see if you can change the default SSID to make it harder to guess.
- Install a Firewall – Although installing a firewall on your network is a good security measure, you should also install a firewall directly on your wireless device (host-based firewall). An attacker who has direct access to the wireless network may bypass the network firewall – the host-based firewall will add a layer of protection to the data on your computer (see Understanding Firewalls for More Information).
- Maintaining antivirus software – By installing anti-virus software and keeping virus definitions up-to-date (see Understanding anti-virus software for more information), you can reduce the potential for attackers to compromise your network and wireless computers. Many of these programs also have other features that prevent or detect spyware and Trojan horses (see Identifying and avoiding spyware and why cybersecurity is a problem? Learn More).