Wireless networks are now prevalent at work and at home, and are potentially more insecure than wired systems. But, says Jason Lydford, they can be made safe with a few simple measures




For the vast majority of people who have access to the Internet, whether at work or at home, most have at some point either considered making it wireless or have already done so. Why?



Well, it is much more convenient, and being that the set-up is virtually wire free, it is usually tidier (especially at home). A wireless router allows more than a single PC or laptop to share the network and, of course, to share the Internet easily and efficiently - and dependent upon your particular set-up, it should give access to your network from almost anywhere within its range. But this is the problem: security.



We all need to have a decent level of security, what with identity theft becoming rife, worms and Trojans stealing our data, malware and spyware infecting our systems and opening virtual doors to hackers. We even have to protect ourselves from those closer to us - disgruntled ex- employees, for example, with a grudge to bear and looking for a way to exploit our systems and cause as much grief as possible.



Here are some tips to help secure your wireless networking environment, both at home and in the office. Following this advice may well help to keep the undesirables out and the data safely locked in.



Encrypt your network

Most, if not all, wireless routers and access points have encryption ability provided with them. The problem is that they are usually shipped with it disabled as default. There are a number of ways to encrypt your wireless equipment. One of the best methods (without using incredibly expensive equipment) is to use WiFi Protected Access (WPA). This comes built-in with the majority of routers, and Windows XP Service Pack 2 has it included.



WPA uses Temporal Key Integrity Protocol to secure the network, making it much harder to crack - it has 128-bit encryption, automatically changes the key used for each packet sent, and each packet transmitted has a unique 48-bit serial number. None of this makes much difference to the user experience, but as far as security goes, it is essential. WPA is much better than using Wired Equivalent Privacy (WEP) because WEP can be very easily hacked within a few moments. If your wireless uses WEP security, update it as soon as possible to WPA.



Rename and then disable SSID broadcasting

Service Set Identifier (SSID), simply put, is the name of your wireless base station device. By default it is transmitted so that any PC within range can identify that the wireless network is live and available for connection. The problem is that if you can see it, so can everyone else within range. First, change the SSID name (the default is usually the manufacturer's name or equipment type). Once this is done, the best policy is to connect your computers and then disable SSID broadcasting. As you already know what the SSID is, you will be able to find it again. It is much more difficult for someone to hack something that they cannot see.



Change the administrative password

Most manufacturers of routers will supply a default username and password (usually written underneath the equipment) to allow you access to the control panel. This is where you can configure the equipment how you need to. One of the first things to do once you have access to the control panel of the router is to change the password. Save it, log off and log back in again using the new credentials.



This control panel configures your entire wireless network - in the wrong hands you could be in for a whole lot of stress and hassle.



Limit access rights

The majority of wireless routers will allow you to designate which computers have access and those that do not - simply by using MAC address filtering. This means that you can set up a list of devices that are allowed to connect to your router. It is a little like giving a doorman a list of invited guests - if your name is not on the list, you are not allowed in. This is not completely foolproof - there are ways around getting on to the list - but like most of the other security tips, if it means more work, usually a hacker will move on to an easier, less secure target.



Add a good anti-virus and anti-spyware solution to the mix, and you have yourself a good all-round, secure wireless network for your home and/or business.



Jason Lydford is director of Computer Rescue Ltd

LINK: www.cr-it.co.uk



Buzzword Bingo: those IT terms explained



l Trojan, malware and spyware

Malware is IT jargon for malicious software. Spyware is software that tracks what you do on your computer or what your computer does, but it is not necessarily malicious. Increasingly, however, spyware is seen as being as undesirable as malware. Trojans, unlike viruses, cannot propagate themselves, hiding instead inside seemingly harmless programs that, when run, activate the Trojan. A Trojan can be anything from software allowing remote access to a keylogger that can record, and transmit, anything you type.



l MAC address

Stands for media access control address. It 'names' network adapters inside devices, such as network cards inside PCs, base stations or cable modems, so that they can be differentiated on a network.



l Wireless router

A wireless broadband router allows you to connect multiple PCs to your home or office broadband connection. Sometimes called DSL router or home gateway.