|
||
| Editor Login | Register | ||
| > World > Security |
|
|
| 10 Tips for Wireless Home Network Security |
|
Many folks setting up wireless home networks rush through the job to
get their Internet connectivity working as quickly as possible. That"s
totally understandable. It"s also quite risky as numerous security
problems can result. Today"s Wi-Fi
networking products don"t always help the situation as configuring
their security features can be time-consuming and non-intuitive. The
recommendations below summarize the steps you should take to improve
the security of your home wireless network. 1. Change Default Administrator Passwords (and Usernames) Improve home network securityNearly all wireless access points and routers allow an administrator to manage their WiFi network through a special administrative account. This account provides complete "superuser" access to the device"s configuration utilities with a special username and password. Manufacturers set both the account username and password at the factory. The username is often simply the word admin or administrator. The password is typically empty (blank), the words "admin," "public," or "password," or some other simple word. To improve the security of a Wi-Fi network, you should change the administrative password on your wireless access point or router immediately when installing the unit. The default passwords for popular models of wireless network gear are well-known to hackers and often posted on the Internet. 2. Turn on (Compatible) WPA / WEP Encryption ll Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common demoninator" setting.3. Change the Default SSIDWi-Fi access points and routers ship with a pre-defined network name (SSID) set by the manufacturer. The SSID can be accessed from within these products" Web-based or Windows-based configuration utilities. Common examples of pre-defined SSIDs are simple names like "wireless," "netgear," "linksys," or "default." An SSID can be changed at any time, as long as the change is also made on all wireless clients. To improve the security of your home wireless network, change the SSID to a different name than the default. Here are some recommended do"s and dont"s, based on best network security practices: Don"t use your name, address, birthdate, or other personal information as part of the SSID. Likewise, don"t use any of your Windows or Internet Web site passwords. Don"t tempt would-be intruders by using tantalizing network names like "SEXY-BOX" or "TOP-SECRET". Do pick an SSID that contains both letters and numbers Do choose a name as long or nearly as long as the maximum length allowed. Do consider changing your SSID every few months.4. Enable MAC Address FilteringMost Wi-Fi access points and routers ship with a feature called hardware or MAC address filtering. This feature is normally turned "off" by the manufacturer, because it requires a bit of effort to set up properly. However, to improve the security of your Wi-Fi LAN (WLAN), strongly consider enabling and using MAC address filtering. Without MAC address filtering, any wireless client can join (authenticate with) a Wi-Fi network if they know the network name (also called the SSID) and perhaps a few other security parameters like encryption keys. When MAC address filtering is enabled, however, the access point or router performs an additional check on a different parameter. Obviously the more checks that are made, the greater the likelihood of preventing network break-ins. To set up MAC address filtering, you as a WLAN administrator must configure a list of clients that will be allowed to join the network. 5. Disable SSID BroadcastMost wireless access points (APs) and routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This feature of Wi-Fi network protocols is intended to allow clients to dynamically discover and roam between WLANs. However, this feature also makes it easier for hackers to break into your home network. Because SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP. Knowing your SSID brings hackers one step closer to a successful intrusion. In a home Wi-Fi network, roaming is largely unnecessary and the SSID broadcast feature serves no useful purpose. 6. Do Not Auto-Connect to Open Wi-Fi NetworksConnecting to an open Wi-Fi network such as a free wireless hotspot exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations with your (the user"s) awareness. To verify whether automatic connections to open Wi-Fi networks are allowed, check the computer"s wireless configuration settings. For example, on Windows XP computers having Wi-Fi connections managed by the operating system, the setting is called "Automatically connect to non-preferred networks." To check this setting, follow these steps: 7. Assign Static IP Addresses to DevicesStatic IP address assignment is an alternative to dynamic DHCP on all Internet Protocol networks including home networks. Dynamic addressing is convenient. It also allows mobile computers to more easily move between diferent networks. However, static IP addressing also offers some advantages: A fixed IP address best supports name resolution, so that a computer can be most reliably reached over the network by its host / domain name. Web and FTP servers in particular benefit from static IP addressing for this reason.Using static IP addresses on home networks gives somewhat better protection against network security problems than does DHCP address assignment. Some network devices do not suppport DHCP. 8. Enable Firewalls On Each Computer and the RouterOne of the easiest, least expensive ways to guard a home network from attack is to set up a personal firewall. The top firewall software products listed below afford good network protection and help maintain personal privacy. Even those who have home routers probably need the additional protection that a personal firewall offers. While these products all target the Windows environment, Symantec also sells the Norton Personal Firewall for Macintosh.9. Position the Router or Access Point SafelyThe performance of a Wi-Fi home network greatly depends on signal strength of the wireless router or wireless access point (base station). If a given wireless client falls out of range of the base station signal, obviously that network connection will fail or "drop." Clients situated near the edge of the network range will likely experience intermittent dropped connections. But even when a wireless client stays within range consistently, its network performance can still be adversely affected by distance, obstructions, or interference. To position your wireless equipment for optimal network performance, follow these guidelines: First and foremost, don"t settle prematurely on a location for the wireless access point or router. Experiment; try placing the device in several different promising locations. While trial-and-error may not be the most scientific way to find a good spot for your equipment, it is often the only practical way to assure the best possible Wi-Fi performance.Strive to install the wireless access point or router in a central location. If you have only one wireless client, installing the base station near this client is best. For WLANs with multiple wireless clients, find a good compromise position. Clients too far away from the base station will manage only 10% - 50% the bandwidth of clients nearby to it. You might need to sacrifice the network performance of one client for the good of the others. Next, avoid physical obstructions whenever possible. Any barriers along the "line of sight" between client and base station will degrade a Wi-Fi radio signal. Plaster or brick walls tend to have the most negative impact, but really any obstruction including cabinets or furniture will weaken the signal to some degree. Obstructions tend to reside closer to floor level; therefore, some folks prefer to install their wireless access point / router on or near the ceiling. Avoid reflective surfaces whenever possible. Some Wi-Fi signals literally bounce off of windows, mirrors, metal file cabinets and stainless steel countertops, lessening both network range and performance. Install the wireless access point or router at least 1 m (3 feet) away from other home appliances that send wireless signals in the same frequency range. Such appliances include some microwave ovens, cordless telephones, baby monitors, and home automation equipment like X-10 devices. Any appliance that transmits in the same general range as 802.11b or 802.11g (2.4 GHz) can generate interference. Likewise, install the unit away from electrical equipment that also generates interference. Avoid electric fans, other motors, and flourescent lighting. If the best location you find is only marginally acceptable, consider adjusting the base station antennas to improve performance. Antennas on wireless access points and routers can usually be rotated or otherwise re-pointed to "fine tune" Wi-Fi signalling. Follow the specific manufacturer"s recommendations for best results. If using these guidelines you still cannot find a suitable location for your wireless gear, there are alternatives. You can, for example, replace and upgrade the base station antenna. You can also install a Wi-Fi repeater (often called a "range extender" or "signal booster.") Finally, in extreme cases, you may need to configure a second base station to extend the range of your WLAN.10. Turn Off the Network During Extended Periods of Non-Use Most broadband Internet connections stay "always-on," keeping you online at all times. For convenience, residential network owners often leave their router, broadband modem and other network equipment powered up and operating, even when not utilizing it for long periods of time. But should home network gear really stay always connected? What are the pros and cons of switching it off?A. Home network gear need not be powered on and connected to the Internet at all times. Several clear advantages apply if you turn off your equipment when not using it, although some disadvantages exist also. Consider these pros and cons: Security - Powering off your gear when not using it improves your network security. When network devices are offline, hackers and Wi-Fi wardrivers cannot target them. Other security measures like firewalls help and are necessary but not bulletproof. Electricity cost savings - Powering down computers, routers and broadband modems saves money. In some countries, the savings is low, but in other parts of the world, costs are significant. Surge protection - Unplugging network devices prevents potential damage from power surges. As with other types of consumer electronics, surge protectors may also prevent this damage. However, surge units, particularly the inexpensive ones, generally cannot protect against severe power spikes like those from lightning strikes. Noise reduction - Networking gear has grown quieter in recent years, as noisy built-in fans get replaced with solid state cooling systems. Your senses might be adjusted to the relatively low levels of home network noise, but you might also be pleasantly surprised at the added tranquility of a residence without it. Hardware reliability - Frequently power cycling a computer network device can shorten its working life due to the extra stress involved. Disk drives are particularly susceptible to damage. On the other hand, high temperature also greatly reduces the lifetime of network equipment. Leaving equipment always-on very possibly causes more damage from heat than will powering it down occasionally. Communication reliability - After power cycling, network communiations may fail to reestablish. You must take care to follow proper start-up procedure. For example, broadband modems generally should be powered on first, then other devices only later, after the modem is ready. You may also experience start-up failures due to "flaky" or unstable installations. Troubleshoot these problems when they arise, or you"ll be faced with bigger networking problems down the road. Convenience - Network devices like routers and modems may be installed on ceilings, in basemenets or other hard-to-reach places. You should shut down these devices gracefully, using the manufacturer-recommend procedure, rather than merely "pulling the plug." Powering down a network takes time to do properly and may seem an inconvenience at first. In summary, most of these considerations suggest turning off your network during extended periods of non-use is a good idea. The security benefit alone makes this a worthwhile endeavor. Because computer networks can be difficult to set up initially, some people naturally fear disrupting it once working. In the long run, though, this practice will increase your confidence and peace of mind as a home network administrator. mdx | Security Experts TIM |
|
| Bağlantılar: bilgininefendisi.net |
| Open Source Document Project | AUP&TOS |