The following table provides different methods that you can take to better secure your wireless network. Both recommendations and suggestions are included.
|Enable high level of encryption|| |
There are several encryption methods that can be used to secure a wireless network. Depending on the age and type of your device you may have one or more encryption methods at your disposal.
|Enable some level of encryption when WPA is not available||If you find that some of your wireless devices only support Wired Equivalent Privacy (WEP) encryption, like Media Players, Personal Digital Assistants (PDAs), and Digital Video Recorders (DVRs), it is still important to enable encryption. |
Recommend: Enable WEP encryption as some encryption is better than no encryption.
In spite of the issues with using WEP encryption, it is still better than having no encryption at all. When using WEP, use an encryption key that is extremely hard to guess. Refrain from using a WEP key like a string of the same or consecutive numbers. Because of the security issues, when using WEP encryption it is also highly advisable to change the encryption keys often. Additionally, when using WEP encryption, enabling Media Access Control (MAC) filtering can provide another layer of protection (See Turn on MAC filtering below).
Note: Many newer operating systems do not support WEP encryption. Older devices that only support WEP may need to be upgraded.
|Create a strong admin password||Many devices have an Administrator username and password that are needed to access the device and modify any configuration settings. Most of these devices use a weak default password while others do not have a default password at all. |
Recommend: Change the default Administrator password.
As you will likely not use this login information very often, be sure to create a record of it and store it in a safe place. Should you forget this information, the only way to access the device may be to reset it to factory default settings. Resetting to factory default will also wipe away any configuration changes you have made. (See Save your configuration).
|Turn off remote administration||Most wireless devices have the ability to be remotely operated or administered via the Internet. This feature can allow almost anyone to find and access the settings for your device. |
Recommend: Turn off remote administration.
Unless you absolutely need this capability, it is best to disable Remote Administration; doing so can help prevent unauthorized access and use of your system.
|Save your configuration||Many devices have the ability to save a file containing your device configuration to a location on your network. |
Recommend: Save your configuration changes.
Saving this information after any configuration changes will allow you to re-establish your custom settings should they get lost due to some unforeseen situation such as having to reset your device to the factory settings due to a forgotten Administrator password. Always save your configuration changes to a file on the desktop, flash drive, or backup disc.
It is also recommended that you write the device password, SSID, and wireless key / passphrase on a piece of paper and attach it to the device for future reference.
|Turn off broadcasting||Many devices automatically and continuously broadcast the network's name or SSID. This makes setting up wireless clients extremely convenient since you can locate a Wireless network without having to know what it is called. The drawback to this is that this also makes your Wireless network visible to any wireless devices within range. |
Turning off SSID Broadcast for your network makes it invisible to casual detection by your neighbors and passers-by. When using this method of securing your network, you must remember to manually enter your SSID when connecting a wireless connection or turn SSID Broadcasting back on temporarily. This could make setting up your wireless clients very difficult if you do not remember the SSID or if you do not know how to manually enter it.
Some computers and devices will not connect unless the SSID broadcast is enabled. It is recommended that you test all wireless devices you want to connect in order to determine if this option will work for you.
|Turn on MAC filtering||Another security measure that should only be used with encryption is MAC address filtering. MAC addresses are unique to specific network adapters and devices so by enabling MAC address filtering you can manage access to your network. |
Turning on MAC address filtering can be used to either allow or block access to network devices depending on the setting; either block or allow but not both.
Using MAC address filtering requires that you manually enter the 12-character MAC address of every device that will be managed on your network. If you frequently add new devices to your network, MAC address filtering can become inconvenient and time consuming.
Because MAC addresses can be imitated by a knowledgeable person MAC address filtering should only be used in conjunction with other security measures.