Secure the Wireless Access Point | Spring Into Windows XP Service Pack 2

Another major consideration when designing a wireless security scheme is the point of access to the wired network. Without securing the access point, most of your plans for securing clients are done in vain.

Unfortunately, the procedure for securing this access point will differ depending on which brand of WAP is in use. What follows then are just some very general considerations to look for, using examples from a wireless router that's used to share out your author's broadband Internet connection.

Every wireless device will have some way of managing its default settings. In the case of my wireless router, this is done with an HTML interface. To access the device settings, I connect to the Website running on the internal interface's IP address. I type http://192.168.2.1 into my Web browser, and get a login page that looks like what you see in Figure 10-13.

Figure 10-13. Accessing the management interface of the wireless access point (WAP).

How Do I Know My IP Address Is Private?

The 192.168.2.1 IP address is within a range of reserved private IP addresses. Lots of machines that have Internet access can have the IP address of 192.168.2.1, but none of them can be directly attached to the Internet. Another device, such as a router, acts as a go-between. In the case of my router, that go-between is the interface connected to the cable modem, and thus my ISP. Confusing? It can be. For further information on private IP addresses, please refer to Chapter 9, "Playing Nicely with Others."

Enter a username and password. Here's one security configuration that can easily be forgotten about. A good many of the wireless routers out there today have not had the default administrator user names and passwords changed, which means you can hack into them by using passwords like admin, password, or just by leaving the space blank. I suggest that changing this password be the first order of business when configuring WAP security.

Next, look to set the device's security settings by changing the SSID and the network key settings. There's usually a button somewhere that lets you turn off broadcasting of the SSID. There's another that will prevent the device from accepting "ANY" as the SSID. As mentioned, these are a couple of quick and easy security measures that will prevent the casual user from connecting to the network. Other tabs will let you configure encryption settings for the access point. Refer to your router's documentation for further information.

Is It Certified?

If security is a big concern for your wireless access point, make sure to look for the Wi-Fi Certified logo on the outside of the box. A device that is Wi-Fi Certified will be able to take advantage of the latest wireless security technologies. Wi-Fi is a consortium of over 200 member companies from around the world. It was formed in 1999 to certify interoperability of wireless Local Area Network products based on the IEEE 802.11 specification.