Protecting a wireless network

Okay, so you have your shiny computer and router. Now what? How do you protect your wireless network?

It’s actually much simpler than it first appears although if you have never done it before it may be something of a voyage of discovery involving several attempts and a little frustration. Don’t worry, you’ll get it working. Just be patient.

If you think, like many people do, that no-one will bother with your network, think again! They will and they do. Have a read at my earlier article, Why you should protect your wireless network, for some solid reasons and examples of the necessity of Wi-Fi security. You may like to also read another article, Protect your wireless network, to see what happens when you can’t be bothered securing it.

Encrypting your wireless connection
First things first – there are two main types of Wi-Fi security you can use to protect your wireless network: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). My recommendation is to only use WPA since WEP can be cracked in under 60 seconds with software readily available on the internet. WPA isn’t entirely unbeatable if it uses TKIP (Temporal Key Integrity Protocol) but it requires a much more determined and knowledgeable hacker with some very heavy duty software and hardware and can take a very, very long time to overcome assuming a random key is used (I’ll get to that later), if it can be beaten at all. 99.99% of people and businesses do not have to worry about that kind of attention and those that do should also know how to defeat them!

Let’s assume you are a normal person in a normal house (or business) who simply wants to secure their wireless network – how do you do it?
There are lots of sites that advise you disable the SSID (Service Set Identifier) broadcast so your router remains ‘invisible.’ Frankly, that’s a fairly pointless step and only causes problems when you try to get your computer talking to your modem / router. The reason I say ‘pointless’ is because it can still be located very quickly and easily with readily available software.

Securing your wireless network with WEP (Wired Equivalent Privacy)
Okay, WEP is better than no security at all but as I’ve already stated, it’s very, very, very easy to crack and can be undone in less than 60 seconds with readily available software so in terms of real security it’s useless and is only one step above hiding your SSID (Service Set Identifier) as a means of ‘securing’ your network.

Unfortunately, some hardware will only support WEP ranging from routers to gaming consoles. Unless they have updated their consoles since I last checked, Nintendo DS can only support WEP. British Telecom (BT) to their credit, were shipping the BT Homehub with built-in encryption last year, however it unfortunately would only support WEP (the white model). I’m glad to say they have fixed that fault and the BT Homehub (black) now supports WPA.

Click here if you need to know how to change your Homehub from default WEP to the more secure WPA.

Securing a wireless network with WPA
‘Encryption’ sounds like something hideously complicated but in actuality it simply means two bits of hardware (router / modem and computer) each have a ‘key’ and if they match, perfect, both bits of hardware can ‘talk’ to each other. If the keys don’t match up they can’t, just like your car or your house keys will only open the door to your property.

How you set the encryption key differs depending on your router but the first step is to log in to your router admin page. From there you should be able to see a link to ‘wireless’ or ‘security’ and from that menu you should choose the appropriate drop-down menu item (preferably WPA) and enter a key comprised of a random set of letters, numbers and symbols. A shared passkey option requiring 63 characters is the best option.

You can generate a completely random 63 alphanumeric character passkey at GRC.com. Copy / paste it to the required place in the admin section of your modem / router control panel. Additionally, paste it to Notepad and save it to your documents folder for future reference as you will need it for any computers or gaming consoles you are connecting to the router.

After this, you’ll have to set up encryption on each of your PCs using the same key you used in the router. In XP, on each PC, right-click the wireless connection icon in the System Tray and click the ‘View available networks’ option. Click the Wireless Networks tab, highlight your network, click the Properties button, and then click the Association tab. In the Network Authentication drop-down box, select your encryption method. In the “Data encryption” dialog box, choose TKIP. Next, uncheck the “The key is provided for me automatically” box. Enter your WPA key in the “Network key” box, and type it again in the “Confirm network key” box. Click OK, then OK again. The PC now can connect to your network using WPA.

Note: if you are using a usb wireless adapter such as Belkin or Netgear your wireless network won’t show in ‘Available wireless networks.’ What you should do is right-click on the appropriate icon in the system tray for your usb wireless adapter and enter the appropriate information there instead, remebering to match your settings with those of your router.

Additional steps you can take to beef up security, which I won’t go into here, are filtering MAC addresses, limiting IP addresses and of course, making certain you employ a firewall on every computer connected to the internet.