Harden your WiFi

Widespread (mis)use of 802.11 is making life easier for any air sniffer equipped black hat.

Most people plug in their new wireless router, turn it on, leave everything at the defaults, and go. Bad, bad network users! Turning on SSID broadcasting, non-MAC locked, unencrypted WiFi is akin to hanging an ethernet port off your network outside in a dark alley and inviting all the bad guys to stop by for a look at your net comms.

If you’ve read my blog for a while, you know some of the basic things to do when you’re setting up a WiFi network. Click here for a refresher on SSID broadcast (bad), MAC address ACLs (good), and using the highest level of encryption supported by all of your devices (absolutely).

What you may not know, however, is that WEP’s been cracked in significantly faster time in recent months and is approaching the point of uselessness. At least, it’s useless if you want to keep out anybody that’s spent even the smallest amount of time online reading about WEP weaknesses and attack tools. If at all possible, use at least Wi-Fi Protected Access (WPA) to secure your setup.

WPA is available in a large and increasing number of WiFi products. I recently bought a Toshiba M35X-S161 laptop with built-in 802.11g/b and a Linksys WPC54G wireless adapter for a different laptop. Both support WPA out of the box. Make sure any new WiFi equipment you buy does too, and use it.

BTW, securing your WiFi network also requires securing everything connected to it. Make certain you change the password on your router’s administrative account, and that the router uses stateful packet inspection (SPI). You also need to secure all of the systems that will be connected to your network (wirelessly or wired). Verify they are running up to date antivirus and firewall software. With software such as AntiVir Personal Edition and Zone Alarm available for free download, you have absolutely no excuse not to secure even your oldest and fuddiest print server or email station.