Recipe 14.6. Keeping Your WiFi Network Secure


Problem

You want to protect your WiFi network from intruders.

Solution

No single fix will keep you protected, so you'll have to combine a variety of security measures:

  • Stop broadcasting your network's SSID (its network name). Your router normally sends out its SSID, which makes it easier for intruders to find it and connect to it. You can, however, tell it not to broadcast its SSID; someone then needs to know the SSID in order to connect. How you stop it from broadcasting varies from manufacturer to manufacturer, and even from model to model from the same manufacturer. But for many models of Linksys routers, here's how to do it:

    1. Log into the setup screen by opening your browser and going to http://192.168.1.1. When the login screen appears, leave the username blank. In the password section, type admin and press Enter. (Note: if you've changed the login name and password from the defaults, use those instead.)

    2. Click the Wireless tab. Select Disabled for Wireless SSID Broadcast and click Save Settings. (Note: on older Linksys routers, stay on the Setup tab, go to the ESSID box, type in a new name for your network, and click the Apply button.)

    3. After you change your network name, reconnect each WiFi computer to the network, using the new network name. To reconnect, right-click the small wireless icon in the Windows Notification Area, and from the screen that appears, click Change advanced settings, then click the Wireless Networks tab. Click the Add button in the Preferred network section, type in the network name, and click OK, and OK again.

In addition to stopping broadcasting your SSID, you should also change your SSID so that it's not the default as shipped by the manufacturer, because snoopers know default names and can look for WiFi networks using default names. How you change the name varies according to router manufacturer and model. In many Linksys routers, you change it on the same screen on which you tell the router to stop broadcasting your SSID. In the Wireless Network Name (SSID) box, type in the new name, then click Save Settings.


  • Regularly change the channel your router transmits over. That way, if someone has tapped into it before, he won't know on which channel it's now broadcasting. Again, how you do this varies by manufacturer and model. To do it, first log onto your router's setup screen. In a Linksys router, after you log in, click the Wireless tab, and choose a new wireless channel from the Wireless Channel drop-down list.

  • Limit the number of IP addresses your DHCP server allows on your network to the number of computers that you actually have. That way, no one else will be able to get an IP address from your network's DHCP server because your PCs will use up all the available IP addresses. Your router's built-in DHCP server hands out IP addresses whenever a computer needs to use the network, and the router lets you set the maximum number of IP addresses it hands out. To limit the number on a Linksys router, go to the Setup screen and scroll to the bottom. In the Number of addresses box, shown in Figure 14-7, type in the number of computers that will use your network, and click Save Settings. If you add another computer to your network, make sure you go back to the screen and increase the number of DHCP users by one.

    Figure 14-7. Limiting the number of IP addresses your DHCP server hands out


  • Filter out MAC addresses. You can tell your network to allow in only network adapters with specific MAC addresses. That way, only hardware that you specify can use your network. (Note that not all routers have this capability, although Linksys routers do.) A MAC address is a number that uniquely identifies a network adapter or other piece of communications hardware. There are several ways to find out the MAC address of a network adapter. One simple way is to go to a command prompt, type ipconfig /all, and press Enter. In the results you get, look for the numbers next to Physical Address, such as 00-08-A1-00-9F-32. That's the MAC address. Find out the MAC addresses of all the network adapters that you're giving network access to. Then, on a Linksys router, log into the Setup screen and click Security. Click Edit MAC Filter Settings, and from the screen that appears, type in the MAC address for each of your PCs on a separate line next to Mac 1, Mac 2, and so on. Click Apply, and then click Save Settings. Whenever you add a new PC to your network, make sure to add its MAC address.

  • Use encryption. Use either WEP encryption or WPA encryption. (WPA is newer and more secure.) For details, see Recipe 14.7.
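
For the MAC filter step above, the following added example (not from the book) collects the Physical Address of every adapter from `ipconfig /all` output so the list can be typed into the filter screen. The sample output and the second MAC address are constructed, and the "Mac 1, Mac 2" numbering simply mirrors the labels the recipe mentions.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real PC).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Wired NIC (constructed)
        Physical Address. . . . . . . . . : 00-08-A1-00-9F-32

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Wireless adapter (constructed)
        Physical Address. . . . . . . . . : 02-00-5e-10-20-30
        IP Address. . . . . . . . . . . . : 192.168.1.101

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
"""

ADAPTER = re.compile(r"^(\S.*) adapter (.+):\s*$")
FIELD = re.compile(r"^\s+Physical Address[ .]*:\s*(\S+)\s*$")
MAC48 = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")

def adapter_macs(ipconfig_text):
    """Return {adapter name: MAC} for adapters with a 48-bit Physical Address."""
    macs, current = {}, None
    for line in ipconfig_text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = m.group(2)  # section header starts a new adapter
            continue
        m = FIELD.match(line)
        # Tunnel pseudo-interfaces report 8-byte values; those are not MACs.
        if m and current and MAC48.match(m.group(1)):
            macs[current] = m.group(1).upper()
    return macs

def filter_entries(macs):
    """Number the unique addresses as the filter screen does (Mac 1, Mac 2...)."""
    unique = sorted(set(macs.values()))
    return ["Mac %d: %s" % (i, mac) for i, mac in enumerate(unique, 1)]

if __name__ == "__main__":
    print("\n".join(filter_entries(adapter_macs(SAMPLE))))
```

On a real PC, save the command's output with `ipconfig /all > ipconfig.txt` and pass the file's contents to `adapter_macs` in place of `SAMPLE`.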

Discussion

If you use a home network, it's unlikely that you'll be specifically targeted by intruders. Someone may accidentally discover your network when war-driving, or a neighbor may accidentally discover it when she connects to her own network. In some neighborhoods, you're more likely to face intruders than in others. For example, if you live in a neighborhood that has many student houses and apartments, you're more likely to face intruders. When students share a house or apartment, they frequently use WiFi networks as a way to give everyone Internet access, so there are many people who have PCs with wireless cards.

Corporate wireless networks, on the other hand, are more likely to be targeted and need to be more vigilant about security. So they should frequently change their SSIDs and the channels on which they broadcast, and use the strongest possible encryption. Additionally, they should use other normal network security features, such as firewalls and authentication.

See Also

For a basic explanation of various WiFi security technologies, go to http://www.wi-fi.org/OpenSection/secure.asp?TID=2#security_tech, the security page of the WiFi Alliance, an industry consortium of manufacturers of WiFi products.



Windows XP Cookbook
ISBN: 0596007256
Year: 2006
Pages: 408
