Since the creation of the first 802.11 protocol, wireless networking has provided all new possibilities for computing from anywhere. The very notion of taking a notebook from point A to point B, all the while maintaining connectivity is something to truly appreciate. When it comes to a home setup, the goal is to provide each machine within the network access to the various services and features supported by the other machines seamlessly, while still providing a common gateway to the internet outside. Once this is achieved, it is absolutely imperative that you include one other ingredient in your network recipe: security.
There are a bunch of different security possibilities for wireless networks and some are stronger than others. I will describe some of the more popular options and whether I think they are worth using. It is imperative that you adopt at least one strong security measure, but encouraged that you adopt more than one (can more security be bad in a home network?).
- Giving your wireless router a password - This is first and foremost. As soon as you turn a router on for the first time you should log in to it and change the default password. Otherwise, anyone who visits your network can log into your router with the password that is widely available on the internet. Change your password and make it good.
- Disabling SSID broadcast - For all but those with the technology to inspect packets, disabling the SSID broadcasting will make your network invisible to anyone that is not aware of its existence. I recommend doing this so you don't get unwanted visitors attempting to access your network.
- MAC filtering - Every network card has a unique 12 digit Hex value (0-9 A-F) called a MAC address. This helps routers determine which machine is supposed to get what traffic when first connecting to a network. By enabling MAC filtering you can specify a list of MAC addresses (Click here to learn how to find your MAC address) that will either be granted access to your network exclusively or will be banned from the network exclusively. Typically, the first method is used so you just update the list of MAC addresses as new computers that you want to allow access to your network get added. Unfortunately, you can modify the value of your network card's MAC address using software, so a MAC address can be copied. I use MAC filtering because I rarely change my computer setup within my network and I only want those machines to have access by default.
- WEP Encryption - This form of encryption was one of the first widely adopted protocols and did its job for a little while. Today, WEP is completely insecure to someone with the right tools (freely available on the web) and should not be used unless you have no other encryption option available.
- WPA Encryption - WPA has recently been cracked, so it is not as secure as it used to be, but this is a far superior form of encryption over WEP. There is a new form of WPA called WPA2 which is stronger than the original version, which should be used if available. When choosing WPA encryption, you can usually select TKIP or AES. AES is the stronger of the two choices but TKIP is the wider used method. When creating a key for whichever protocol you end up using, the important thing is to make it as long and diverse (like a good password) as possible so it will be harder to crack. I use WPA and would recommend that if you don't use any other security feature, you should use this and providing your router with a password.
- Firewalls - Firewalls are tools that block traffic from entering or exiting a network if it is along ports that are not allowed to send/receive packets. Certain programs and protocols are exclusive to certain ports (i.e. port 80 is used for HTTP, so whenever you visit a web page, the packets of data are being sent over port 80). Firewalls can be configured to allow traffic through certain ports while blocking all other traffic that is going to the other ports. Your router has a hardware firewall in that it will only allow common protocols through unless you specify other port ranges using the Port Forwarding menus in the router. In addition, computers can run software firewalls (such as Windows Firewall or Jetico) to add extra protection. You should at least have your router's firewall enabled to help keep the whole network safer.