The document outlines 8 ways to add security to a wireless network, including disabling the broadcast of the network name (SSID), using MAC address filtering, enabling encryption standards like WEP, WPA, and WPA2, implementing IEEE802.1x authentication, disabling the DHCP server, using IP subnetting to limit the number of devices, changing the router admin username and password, and changing the default IP address range.
1 Disable the Network Name (SSID)
To make it easy for wireless receivers to find their transmitter, most
wireless devices are configured by default to broadcast a beacon known as a
Service Set Identifier (SSID).
This SSID or network name can be changed to a private name and can also
be hidden (not broadcast). This way, only receivers that know the correct
SSID will be able to connect to the wireless network.
2 MAC Address Filtering
As a form of physical security, the router can be configured to allow only
specified network users to access the wireless network, identifying them by
the unique Ethernet MAC address associated with each network device. This
gives a level of security similar to staff access cards and identification
badges.
3 WEP/WPA/WPA2
These abbreviations refer to three different encryption standards that can
be used to secure a wireless network:
a) Wired Equivalent Privacy (WEP) is not considered secure anymore and
should only be used with legacy equipment that does not support
WPA/WPA2.
b) Wi-Fi Protected Access (WPA) offers a higher level of wireless security,
making sure that the data will remain private and access to the network
is restricted to authorized users.
c) WPA2 has replaced WPA and uses a stronger encryption standard called
Advanced Encryption Standard (AES).
4 IEEE802.1x
The IEEE802.1x standard describes how to provide authentication and
authorization using an authentication server that keeps usernames,
passwords and user rights to access a network in a central database.
This way, a wireless router/access point will contact the authentication
server first when a device wants to connect to the wireless network. The
server checks the user credentials against the database and informs the
wireless router/access point whether the relevant user is allowed to access
the network, and what the relevant user rights are.
5 Disable DHCP Server
Disabling the DHCP Server of a wireless router will stop it from
automatically assigning IP addresses to new devices, including those of
potential hackers. Instead, the network administrator has to configure new
devices manually with valid IP address information.
6 IP Subnetting
IP addresses and subnets in home wireless networks are normally
configured so that 254 users can have a valid IP address. For example:
Router IP: 192.168.2.1
Computer IPs: 192.168.2.2 to 192.168.2.254
Subnet Mask: 255.255.255.0
For additional security, the router could also be configured with a subnet
that allows only 6 IP addresses to be assigned. For instance:
Router IP: 192.168.2.1
Computer IP: 192.168.2.2 to 192.168.2.6
Subnet: 255.255.255.248
This way, the maximum number of devices in the LAN is limited, and an
external customer will need to know the subnet used in the network to be
able to connect.
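The MAC allowlist (section 2) and the 255.255.255.248 subnet above can both be checked against what is actually present on the LAN. The following is an added example, not part of the original SMC document: it parses output in the format of Linux `ip neigh show` and flags devices that are not on the allowlist, use an address they were not assigned, or fall outside the subnet. The MAC addresses, the interface name and the allowlist are constructed assumptions.

```python
import ipaddress

# LAN from the subnetting example above: mask 255.255.255.248 is a /29.
LAN = ipaddress.ip_network("192.168.2.0/255.255.255.248")

# Constructed allowlist (hypothetical devices): MAC -> statically assigned IP.
ALLOWED = {
    "02:00:00:00:00:01": "192.168.2.1",  # router
    "02:00:00:00:00:02": "192.168.2.2",
    "02:00:00:00:00:03": "192.168.2.3",
}

# Constructed sample in the format printed by Linux `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.2.2 dev wlan0 lladdr 02:00:00:00:00:02 REACHABLE
192.168.2.3 dev wlan0 lladdr 02:00:00:00:00:03 STALE
192.168.2.5 dev wlan0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.2.4 dev wlan0 lladdr 02:00:00:00:00:03 REACHABLE
192.168.2.9 dev wlan0 lladdr 02:00:00:00:00:77 STALE
192.168.2.6 dev wlan0  FAILED
"""

def usable_hosts(network=LAN):
    """Addresses a device can actually use (network/broadcast excluded)."""
    return [str(h) for h in network.hosts()]

def audit(neigh_text, allowed=ALLOWED, lan=LAN):
    """Return (ip, mac, reason) for every neighbour that breaks the plan."""
    findings = []
    for line in neigh_text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entry: no MAC was learned
        ip = ipaddress.ip_address(fields[0])
        mac = fields[fields.index("lladdr") + 1].lower()
        if mac not in allowed:
            findings.append((str(ip), mac, "unknown MAC"))
        elif allowed[mac] != str(ip):
            findings.append((str(ip), mac, "allowed MAC on unexpected IP"))
        if ip not in lan:
            findings.append((str(ip), mac, "IP outside LAN subnet"))
    return findings

if __name__ == "__main__":
    print("usable:", usable_hosts())
    for finding in audit(SAMPLE_NEIGH):
        print(finding)
```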
7 User name & password of router admin
Once connected to the network, wirelessly or by cable, the admin interface
of the router can normally be accessed by entering its IP address in a
web browser. With the help of a username and a password, all router
settings can be changed.
To prevent an intruder from logging in to the network router and
making configuration changes in the network, it is recommended to
change the username (if possible) and the password of the router admin
web interface.
8 Change default IP address range
Wireless routers are normally configured by default with an IP address
like this:
192.168.x.x (for SMC Networks Routers 192.168.2.1)
If you are thinking of disabling the DHCP server so that the router will not
assign IP addresses to devices, you might also want to change the
range of the IP addresses used in your whole network. For example:
10.0.x.x
Router: 10.0.0.1
Other devices: 10.0.0.2-254
This way, possible intruders will not know the IP address range and it will be
more difficult for them to get connected.
For more technical documents visit us:
www.smc.com
Disclaimer: All data has been carefully checked for correctness.
SMC Networks takes no responsibility for possible errors in this document.
All technical specifications are subject to change without prior notice.
(c) 2010, SMC Networks