Newsletter "Behind the Scenes" Newsletter

August 2010The monthly newsletter by Felgall Pty Ltd

My Word

Securing a Wireless Network

With any luck the news a few months ago about Google capturing information from wireless networks as they sent their camera cars down suburban streets to capture the images for their street view maps has served to publicise the danger of having your wireless network set up incorrectly.

Without the right security settings on your wireless network it wasn't only Google who had access to read the traffic on your network. Anyone with a device capable of connecting to a wireless network can do so at any time. What's more they don't only have access to read the data on your network, they also have access to connect their computer to your network and use it.

Does your internet usage seem a lot higher since you started using a wireless network? If so then chances are that one or more of your neighbours is connecting to the internet through your wireless network.

The default configuratiopn for wireless networks allows any computer to connect to and use the network with access to everything that any of your computers can connect to.

So what can we do about it? The solution is to implement security on your network. That means changing the settings on bothe your wireless access point or router and also on every computer and other device that you want to be able to connect wirelessly to your network. Since others will not know what changes to make to their settings they will then lose the ability to connect to your network. I know for certain that Google couldn't read any data from my wireless network because I do have all the security implemented I am about to to tell you about.

The first thing you need to do is to log in to the control panel for your wireless access point/router. Usually this can be done by using a web browser to call up the IP address that your device is using and then enter the user id and password that it is configured to use. You should find the exact instructions on how to do this in the documentation that came with that hardware.

The first thing you are looking for is an entry labelled Broadcast SSID or Enable SSID Broadcast or similar and turn that option off. You also need to find where the text field is labelled SSID: and change what is in there to a value of your own rather than what it was originally set to. That now makes it one step harder for other people to connect to your network.

The easiest way to see how this makes it harder is to update one of your wireless devices to reconnect it to your network with this new security implemented. When you tell the device to search for wireless networks so you can select the one you want to connect to it will no longer list the SSID of your local network allowing you to select it. Instead you will see an entry that doesn't have an SSID listed and to reconnect your device to your network you'll need to actually enter the SSID into the device after selecting to connect to that network. You'll need to enter the same value as you specified for the SSID when configuring the access point. Only then will the device connect. That means that others will need to guess your SSID in order to be able to connect to your network.

That is still relatively trivial to bypass though since someone can simply set their computer to try value after value for the SSID until they find the one that works. We are about to make things a lot harder by actually turning on the security for our wireless network. The exact wording of the options to do this will be different depending on your access point brand. In my case I have two different brands of wireless router and the options are named differently but provide the same choices so hopefully if I tell you what these two call each option you'll be able to figure out the equivalent setting on yours.

One of my wireless routers has an option titled Enable Wireless Security and I checked the box next to that and then selected WPA-PSK/WPA2-PSK for the security type. The other router I have uses a selection list to combine both these options into one labelled Security Mode: and I changed that from "none" to WPA-Personal.

The next field was labelled Security Option on one router and WPA Mode on the other. In both cases there were three choices offered being WPA, WPA2 or both (with the exact wording being different in each case). I selected the option that allowed both.

The next field is Cypher Key or Encryption: and offers or AES or both and again I selected both.

The final field you need to update is a text field labelled PSK Passphrase: or Pre-Shared Key : and that's where you need to enter what will effectively be the password that will be required to be entered into any device in order for it to be able to attack to the network. All of your wireless data will then be encrypted and will only be able to be read by devices using the same type of encryption and that same password.

You now need to go into the wireless settings for every device you want to be able to attach to your network and tell each of those to use WPA encryption using the password value that you selected. You only need to enter this value into each device once and it appears in plain text in the configuration options so be sure to make it a weird combination of letters, numbers etc that no one will ever be able to guess.

With those changes in place all the data on your wireless network will be encrypted and inaccessible from any device that hasn't had both the SSID and your special password entered into it. So now Google can't read your data as they drive past and your neighbour can't connect to your network to use your internet access.

My apologies for not being able to provide exact step by step instructions on everything to set this up but each device uses slightly different names for these settings and can have them in completely different places. My hope is that if you use the above description in conjunction with the manuals for each of your wireless devices that you will be able to locate and update the appropriate settings in each so as to properly secure your wireless network.
 

On Site

The book I reviewd this month on SQL has given me lots of ideas for articles about database design and use and so there will probably be quite a few pages on that topic added to the site over the next few months. These will be relevant both to web development and other areas where databases are used.
 

What's New

The following links will take you to all of the various pages that have been added to the site or undergone major changes in the last month.

Main Links

Ask Felgall
Past Newsletters
Sign Up/Unsubscribe
Question Forum

Categories

Browsers
HTML
Javascript
Interactive Web
Mainframe
PC Software
Networking
Comms Software
Word Processing
DTP
Graphics
OS/2
Linux
DOS/Windows
NT/2000/XP
Book Reviews
Links

Other Links

My Javascript Site
My Blog

http://www.felgall.com/