October 21, 2003

How I secured my wireless network

Update: Check out this page for more on securing linksys access points: http://www.worldwidewardrive.org/linksys/linksys1.html

I have a wireless network running around my home. I don't really use it--I struggled to get 802.11b working on my (old) Linux workstation last year, and failed. But my roommate does use it. She had a friend come in and install a wireless switch (into which I plugged my tired old wired workstation) and a card into her computer. With all the defaults set, it worked like a charm.

I ignored it for a month. But then I was at a friend's house and he turned on his laptop, searched for a wireless connection, and was soon surfing on his neighbor's broadband connection. Now, I don't have any state secrets, but this worried me. So, I asked my friend how to secure the wireless network that I had. He gave me three easy steps:

1. Change the router password. If you don't do this, a simple Google search for 'linksys default password' can compromise your entire system. Sure, if you need to you can probably hardware reset the password, but who needs the hassle.

2. Change the SSID. I don't have any idea what this is, but do change it from the default. This requires changing both the server (the router) and the client (software on my roommate's computer).

3. Enable WEP. This is a 128 bit encryption protocol. It's not supposed to be very secure, but, as my friend said, it's like locking your car--a thief can still get in, but it might make it hard enough to not be worth their while. This entailed picking a key, and making some configuration changes on both the server and the client.

In short, it was super easy to do. Wireless in general is an amazingly easy technology, and if I was building a small office nowadays, I certainly wouldn't wire the workstations. The bandwidth that 802.11b supports is easily enough to saturate a broadband connection, and the security features, while not bullet proof, are probably not going to be the weak point of a small office (the weak point will probably be weak passwords). The ease of use and of adding new workstations certainly makes wireless a compelling solution.

Posted by moore at October 21, 2003 01:21 PM

I turn on Mac address filters. This way only my laptop, my wifes, etc can get onto the router at all. This has nothing to do with people snooping traffic (which is where WEP comes in), but it is a great way to stop people from sneaking onto your bandwidth.


Posted by: Dion at October 22, 2003 11:19 PM | Permalink
© Moore Consulting, 2003-2006