- Change ALL the default settings on your Access Point, wireless cards, and routers. These include the SSID, Administrative passwords and User passwords. The default names and passwords are published by the manufacturers on the Internet and are available to anyone.
- Choose an SSID (Network Name) that will not attract unwanted attention. Do not use your telephone number, family last name, the name of the residence, the address of the residence, etc.
- Choose a unique SSID.
- Disable Automatic SSID Broadcast. If you have more than one AP set up to allow roaming, you might not want to do this due to technical considerations. However, most users should consider this option.
- Change the default channel. While this is not truly a security issue, it may help with radio interference, as many devices use the same channel.
- Always use encryption (WEP or WPA) on your wireless network. If possible, use a 128-bit or higher variation.
- Whenever possible, use additional encryption such as SSL or VPN.
- Change the encryption key on a periodic basis.
- NEVER use the SSID (Network Name) as the Encryption Key.
- If the following features are part of your AP or router, make sure you use them:
  - Firewall: Restrict wireless usage to only the minimum TCP and UDP ports needed, and disable all other ports. For example, you may wish to enable TCP Port 80 (HTTP) and TCP Port 110 (POP), yet disable TCP Port 25 (SMTP) to prevent becoming a wireless mail relay, and TCP Ports 20 and 21 (FTP) to prevent unauthorized file transfers. Also, block file sharing ports for programs such as Kazaa.
  - Address Control List: The ACL limits the Machine Address Code addresses that may access your AP. Each wireless Network Interface Card has a unique MAC address, so this limits which wireless NICs (and therefore which computers) may access your network.
- If a fixed number of mobile devices are connecting to the AP, disable DHCP and use static IP addresses.
- If a varying number of devices will be on the wireless network segment, limit the size of the DHCP address pool to the absolute maximum number of needed addresses. Many people use DHCP to make it easier on the users. However, there is no need for the network to give out 254 addresses, or even 30, if you only need 3.
- Most Access Points have built in logging. Periodically, review the access logs and look for any abnormalities.
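
One way to automate the periodic log review from the last item, cross-checked against the ACL and DHCP advice above. This is an added example, not part of the original article; the log format, the MAC addresses, and the names `review_log`, `ALLOWED_MACS` and `LINE_RE` are constructed for illustration, because real access points log in vendor-specific formats.

```python
import re
from collections import Counter

# Constructed sample log; adapt LINE_RE to your access point's real format.
SAMPLE_LOG = """\
2024-01-03 08:12:44 ASSOC OK mac=00:11:22:33:44:55
2024-01-03 08:13:02 DHCP LEASE ip=192.168.1.10 mac=00:11:22:33:44:55
2024-01-04 02:17:31 ASSOC DENIED mac=de:ad:be:ef:00:01
2024-01-04 02:17:35 ASSOC DENIED mac=de:ad:be:ef:00:01
2024-01-04 02:17:39 ASSOC DENIED mac=de:ad:be:ef:00:01
2024-01-04 02:21:05 ASSOC OK mac=00:AA:BB:CC:DD:EE
2024-01-04 02:21:09 DHCP LEASE ip=192.168.1.12 mac=00:aa:bb:cc:dd:ee
2024-01-04 03:00:00 ADMIN LOGIN FAIL src=192.168.1.12
"""

# Assumption: the MAC addresses you entered in the AP's ACL.
ALLOWED_MACS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>ASSOC OK|ASSOC DENIED|DHCP LEASE|ADMIN LOGIN FAIL)"
    r"(?: ip=(?P<ip>\S+))?(?: mac=(?P<mac>\S+))?(?: src=(?P<src>\S+))?$"
)

def review_log(text, allowed, deny_threshold=3):
    """Return (kind, subject, timestamp) findings for abnormal events."""
    allowed = {m.lower() for m in allowed}  # MAC case varies between log lines
    findings, denied, seen = [], Counter(), set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrecognised line: skip rather than guess
        ts, event = m["ts"], m["event"]
        mac = (m["mac"] or "").lower()
        if event in ("ASSOC OK", "DHCP LEASE") and mac not in allowed:
            kind = "unknown-mac-associated" if event == "ASSOC OK" else "lease-to-unknown-mac"
            if (kind, mac) not in seen:  # report each unknown device once per kind
                seen.add((kind, mac))
                findings.append((kind, mac, ts))
        elif event == "ASSOC DENIED":
            denied[mac] += 1
            if denied[mac] == deny_threshold:  # flag once, when the threshold is hit
                findings.append(("repeated-denied-association", mac, ts))
        elif event == "ADMIN LOGIN FAIL":
            findings.append(("admin-login-failure", m["src"], ts))
    return findings

if __name__ == "__main__":
    for kind, subject, ts in review_log(SAMPLE_LOG, ALLOWED_MACS):
        print(f"{ts}  {kind:28} {subject}")
```
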
This covers just some of the basics for securing your home computing environment. I hope this gets you all off to a safe and happy New Year!