Wireless Network Security


I've just installed a RangeMax wireless router and got it all up and running, with out any encryption or any of that security stuff. Now that I see it working ok, I want to implement some of the security features.

I'm kind of in a rush on this, so would really appreciate it if someone can supply a quick overview on basic security, and then recommend some steps I should take.

LVL 11
Who is Participating?
nick2253Connect With a Mentor Commented:

How familiar are you with the RangeMax router and how comfortable are you with its interface?  If you are, then the brief suggestions below should be enough.  If not, post and I can go into more detail.

Depending on the area you are in, I recommend WPA-2 with MAC address control.  For WPA-2, use a non dictionary phrase with numbers and non-alphanumeric characters (@!%#$).  To find the MAC address of the computers that will connect wirelessly with the router, (assuming you are using windows) go to Start->Run and type cmd. Click OK. Then type in "ipconfig /all", no quotes.  The MAC address will be listed as XX-XX-XX-XX-XX-XX.  In order to enter into the router, you may have to change the "-" (hyphens) to ":" (colons) or remove them entirely.  That should be sufficient for home use.

Good Luck
One thing I forgot, which is very important, is to hide the router's SSID, and prevent access from the Internet.
CoccoBillConnect With a Mentor Commented:
Using WPA2 as nick2253 is recommended if your client hardware also supports it. If they don't, any encryption is better than nothing, they should at least support WPA or at the bare minimum WEP. Keep in mind that WEP is quite trivial to break, and WPA is also insecure if you don't use good passphrases.

Personally I'm not a fan of MAC filtering not SSID hiding, both of these just make the legit use of the network harder but offer very limited security. Think of it this way: There are most likely 2 kinds of unwanted people that would want to access your WLAN, 1) casual, as in neighbors or other freeriders just looking for a free internet connection 2) people trying to actually break into your network and systems for whatever reason. Group 1 does not have the knowledge required to "hack" into a system, group 2 does. To stop group 1 you only need some form of encryption such as WPA2/WPA to keep them out, adding SSID hiding or MAC filtering will not be needed. For group 2 who know what they're doing, it'll take a few seconds to find out the SSID and sniff the traffic for legit MAC addresses, making these useless as a security practise. However, using WPA2-PSK with a strong passphrase will as of the time of writing most likely stop even group 2, and WPA-PSK with a stron pass will slow them down. WEP will break in a couple minutes.

Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Jason210Author Commented:
Thank you CoccoBill for the vakluable information. Exactly the sort of thing I needed to know.
sphinx000514Connect With a Mentor Commented:
WEP can be easily broken with programs such as airsnort, weplab, ...and many more.  I strongly recomend that you use WPA, or WPA2 if your router supports it.  The passkey needs to be strong for anything to work, so your passkey should include the following:  letters, numbers, punctuation marks, capital letters, and symbols.  This will create a strong password.  for example:  98dwWI*^#|\93mxsuwI$ would be a strong passkey.  Don't expect yourself to remember the passkey that you use, just write it down and put it somewhere safe.  In addition to WPA or WPA2 and a strong passkey, You can also moniter and see anyone who is connected to your network by using a free tool called look at lan that can be found here:  http://www.snapfiles.com/reviews/LookLAN_Network_Monitor/lanlook.html

It will scan your network every few minutes and let you know if anyone else is using your network.
Jason210Author Commented:
Useful info thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.