Monday, February 23, 2009

Secure your wireless network


What is it about?

- We will not cover step-by-step wireless router configuration, as the steps differ depending on your router type and manufacturer. Instead, we will concentrate on securing a managed wireless network.
- This article refers to a home wireless network [802.11?]

How to secure a wireless network?

1. Use a relatively strong passphrase as your ESSID.
- This will not prevent brute-force attacks. However, it will make it difficult for anyone to guess your ESSID.

2. Disable broadcast of the SSID/ESSID.
- This will prevent your wireless network (essentially the router) from being visible when a Wi-Fi device tries to automatically connect to an available wireless network in its vicinity.
- Provide the ESSID only to those whom you trust.

3. Use WPA encryption for your network [or whichever is the strongest available].

4. Enable a MAC address based access control list (ACL) on your wireless router. Manually add the MAC addresses of the trusted devices on your network that you want to allow access.
- This will reject any device that tries to register with the wireless network/router and whose MAC address is not listed in the access control list.

5. Enable the firewall on your wireless router. Allow only trusted ports to be visible for incoming connections.

6. Enable the logging mechanism. Try to send logs to the email account provided by your ISP. You can also use free email service providers such as Yahoo/Hotmail/Gmail, as they provide unlimited space. The point is to store logs in a location other than your router.

7. Change the default password for your router to a strong passphrase.

8. Ensure that your router is running the latest firmware. Check your router manufacturer's website.

9. Last but not least, install endpoint security software such as antivirus, anti-spyware and personal firewalls on all Wi-Fi devices.
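
Steps 4 and 6 reinforce each other: once logs are stored off the router, they can be checked against the same MAC list that was entered in the ACL. The Python below is an added example, not part of the original post; the log line format, the allow list and all names are constructed for illustration, since real router log formats are vendor-specific.

```python
import re
from collections import Counter

# Hypothetical allow list: the MAC addresses entered in the router's ACL (step 4).
ALLOWED_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# Constructed sample of router log lines as received off-device (step 6).
SAMPLE_LOG = """\
Feb 23 10:01:12 router wlan0: STA 00:1A:2B:3C:4D:5E associated
Feb 23 10:04:40 router wlan0: STA 66-77-88-99-AA-BB association rejected by ACL
Feb 23 10:04:55 router wlan0: STA 66:77:88:99:aa:bb association rejected by ACL
Feb 23 10:09:03 router wlan0: STA 0a:0b:0c:0d:0e:0f associated
Feb 23 10:10:00 router admin: login from 192.168.1.10
"""

# Six hex octets separated by ':' or '-'.
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")


def normalize_mac(mac):
    """Lower-case and use ':' so differently formatted MACs compare equal."""
    return mac.lower().replace("-", ":")


def review_log(text, allowed):
    """Return (rejected, unexpected) for MACs that are not in the allow list.

    rejected   -- Counter of unlisted MACs the ACL turned away (ACL working).
    unexpected -- (mac, line) pairs where an unlisted MAC appears in an event
                  that was not a rejection: the ACL is off or out of date.
    """
    allowed = {normalize_mac(m) for m in allowed}
    rejected, unexpected = Counter(), []
    for line in text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue  # line does not mention a wireless client
        mac = normalize_mac(match.group(1))
        if mac in allowed:
            continue
        if "rejected" in line.lower():
            rejected[mac] += 1
        else:
            unexpected.append((mac, line))
    return rejected, unexpected


if __name__ == "__main__":
    rejected, unexpected = review_log(SAMPLE_LOG, ALLOWED_MACS)
    for mac, count in rejected.items():
        print(f"rejected by ACL: {mac} x{count}")
    for mac, line in unexpected:
        print(f"UNLISTED DEVICE NOT REJECTED: {mac} <- {line}")
```

Repeated rejections from one address show the ACL doing its job; an unlisted address in any other event is the entry to investigate first.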


2 comments:

  1. I don't know about step #9 in your post.
    Can you please elaborate on how to do this?
    I have SAV 10 with me for my laptop. Can I use the same for the router as well?
    - Mahesh

  2. #9 says to install endpoint security software on your Wi-Fi devices (e.g. the laptop, not the router).

