Setup SSID
Find the section in your router management interface for the wireless network setup. This section will have a field for the SSID (Service Set IDentifier) which to you and me is just a fancy name for your wireless network’s name. You should change your SSID from whatever the default is so that attackers will have a tougher time identifying the manufacturer of your router. While on this page there should also be an option to disable broadcasting the network SSID.
I recommend disabling broadcasting because this adds another layer of security by stopping most unwanted visitors from even seeing your network. Let us think of your network as a club that only offers exclusive memberships. To avoid non-members from coming in one would probably want to make their building as unnoticeable as possible; taking down neon signs and all markings is one way to accomplish this task. Disabling SSID broadcast is doing just that, making your wireless network less noticable. Note:If you select to disable SSID broadcasting you will have to ensure your wireless network card connects to the network even if the SSID is not being broadcast.
Setup wireless security encryption.
Now go to the wireless security section of your router.
In this section there should be a dropdown menu to select which type of encryption method to use for the wireless signal.
The following are some of the encryption methods you might see listed here and what they mean:
- WEP (Wired Equivalent Privacy) – This is one of the most widely used network security measures and gives a means of protection for wireless data. There are vulnerabilities with WEP, but if you have problems with WPA or WPA2 just remember that WEP is better than having an unsecured network.
- WPA and WPA2 (Wi-Fi Protected Access) – These were developed to provide an alternative to WEP as many vulnerabilities were identified with the WEP method of protection. The problem with WPA is that some devices do not work well with WPA enabled. These devices are typically PDA’s and media players. If you decide to use WPA and run into problems, try switching to WEP and see if that fixes your problems.
When a wireless user attempts to connect to your network they will be prompted to enter the key.
Think again of your exclusive club. Now, imagine the wireless encryption as perimeter protection.
WEP is like a privacy fence with a key coded gate to get inside. This will keep most people out but would be very easy to get around for a person with the right tools.
WPA/WPA2 is the same as a brick wall with razor wire on top and a key coded gate to get inside. This will keep unauthorized users out, and they will not be able to get in without a great deal of effort and time.
Choose a method of protection.
If you chose WEP you will have to set up or generate a Key which is a set of hexadecimal characters hexadecimal characters include 0-9 and A-F so your key can only include those characters. Be sure to write this key down as you will need it when you connect your devices later.
If you chose WPA you will have to set up a pass phrase which is just another password for access to your router. This password will allow devices to connect to the router and subsequently connect to the internet through the router.
Click Apply or Save Changes
SSID is really a catch 22 in my opinion. If you broadcast it, it’s in the open for everyone to see, but if you disable it and someone comes around wardriving and discovers that you’re SSID was disabled they’ll be more inclined to attempt to access your network because you probably have something important to keep hidden. It’s definitely not always the case, but I thought I’d share my 2 cents 🙂
Sorry, I should have added that your passphrase for WPA should be random generated and not a weak passphrase of a plain “dictionary” word that can be cracked very easily.
I agree that not broadcasting your SSID is only a layer but it can still be cracked. Anything can be cracked given the right tools and given the time, any network can be infiltrated.. The point is, to make your network a more difficult target so that the criminal (or hacker if you will) decides to move on to a more easily accessible target.
Considering most wireless networks are unprotected, getting this information out just so people impliment basic protection is a good start.
I agree. The MAC filter is not the equivalent to a bouncer, but more a little old lady asking you for your name without ID. You can lie (spoof) about it. As far as a WPA passphrase, you should use a passphrase generator to generate one for you up to 63 characters long (the longer the better and with all character types). This will make it more difficult, if not impossible, to brute force attack it. Using a dictionary word will only take a few seconds to crack.
Not broadcasting the SSID only adds another layer but it’s not impossible to crack it. Most scanning software will show it but without the SSID so it’s just a bit of extra work for the hacker to sniff that out.
Disabling SSID doesn’t add security. MAC addresses can be spoofed.