Let’s talk about the basics of secure wireless networking here. First, we’ll work with managing power and the placement of your access point (AP) or router in order to minimize its “signal leakage” to those outside the desired coverage area. Next up is WPA2 encryption, and finally, we’ll address MAC address filtering. Interestingly, until recently it was believed that SSID “masking” or disabling its broadcast was also an effective deterrent against wireless hackers. Unfortunately, the proliferation of simple and free tools to find access points with disabled SSIDs has rendered this tactic pointless. But with just a few minutes spent on these techniques, you can vastly improve the security of your wireless connection(s). Let’s dig more deeply into each of these issues below.
Placement and Power Issues
Nothing is more basic than the placement of your router or access point. Nearly all APs and routers ship with omnidirectional antennas that do just what it sounds like they do – broadcast in all directions equally. Simply by choosing a central
location for your AP or router, you can not only improve coverage within your home or business, but also reduce the likelihood of that signal being useful far outside your home or office. Along these lines, most APs and routers allow power to be
“dialed down” to address that same issue. If you can get good coverage with reduced power, signal leakage is that much less of an issue. Since WiFi signals don’t propagate equally well through all materials (wall, windows, even people) some experimentation with placement may be necessary.
MAC Address Filtering
The next step to take is to turn on the MAC filtering in your device. Every networking device (laptop, phone, Playstation, TV, etc.) has a uniquely assigned MAC address that is basically a serialnumber for its network connection. And all modern APs and routers have the ability to filter by MAC address, so that you can setup a table of allowable MAC addresses and allow traffic onto your WiFi network only from those addresses. This means that even if a hacker gains access to your encryption key (see below), they won’t be able to get on your network as they will have a “foreign” MAC address. This is not a foolproof solution, as various free tools will allow those acceptable MAC addresses to be identified and then “spoofed” by an attacker, but that takes some work.
WPA2 Encryption
The combination of WPA2 and TKIP or AES encryption is your best defense against more determined wireless snooping. Though WPA2 (which replaced WPA, which replaced WEP) inherits some of the weaknesses of the earlier standards, it really is the entry point into securing your wireless network. If nothing else, running an open WiFi network leaves you open to piggybacking of your signal, which can be used for very evil purposes (see last paragraph). Modern APs and routers have so much computing power that using the highest level of encryption possible is always a good idea, though you will always be limited by the lowest common denominator device in your WiFi network.
But security should trump other concerns; if you have one device that won’t do WPA2, replace it.
But Really, Do You Need It?
So you don’t feel you have anything of great value to protect and that this is all too much trouble. Well, in a rather infamous act several years ago, a very unhappy homeowner spent years defending himself against charges of child porn and sending threatening email to the President; all because he was running an open WiFi network that some miscreant used to do these things. Investigators know and care only that the bad traffic came from your IP address, not who was using that IP address. There is no perfect security solution for home or business, but if you’re harder to hack than the business or home next door, you win. Remember, if the bear is chasing two hunters in the woods, you don’t have be to faster than the bear, only than the other hunter
