In some ways, securing a network is like the security on your home:
- Leave the front door wide open. Seen by curious honest people and criminals alike as an open invitation to enter. See, it even says ‘Welcome’ on the doormat!
- Shut the front door. This will keep out an honest person, but a crook wouldn’t be deterred, as they’ll walk right up and try the handle.
- Lock the front door. This will again keep out the opportunist thief who will only try the door handle or climb in open a window to see if he can get it. Luckily most criminals fall into this category, so lock your door!
- Bolt the door with deadbolts, bars on the windows, and alarms. It takes a lot more to keep out the determined criminal who, with a little equipment and know-how, might pick the lock, disable your alarm, or break your whole door down!
Leaving the door open: an open invitation
- Broadcasting a default SSID
- No MAC filtering
- No encryption
- DHCP switched on/No access controls
- Changing the SSID (the name) of your network and disabling SSID broadcast. The determined hacker can discover this, so it merely protects you from the opportunist who’s in a hurry.
- Disabling DHCP/Access Control. This will not stop a hacker with even minimal knowledge, as there are many tools which will sniff out available IP addresses on your network
- MAC address filtering. A hacker with only a little know-how will be able to clone your MAC address--and see everything you see on your network.
- WEP: Wireless Encryption Protocol can be hacked in seconds using free tools that are widely available.
WPA: A randomized pre-shared key of at least 10 characters would take half-a-million years to crack. More info about this here. (Note: A random key means that it shouldn’t be a word that exists in any dictionary (hackers have extensive dictionaries that include all common passwords, English words, nicknames, and misspellings of words. This is called a “dictionary attack.”) A random key is a meaningless mix of lower- and uppercase letters and numbers, and sometimes special characters like punctuation, depending on whether your router supports it). If you’re not sure how to get a random key, you can generate a simple WPA key online on this Web site or a more complex one here. You can also get software that will generate a key for you (type “software generate wpa key” into your favorite search engine).
It’s best to build up each type of security in layers, checking that all devices can connect and communicate at each step before adding another layer. Make sure you read your router’s manual to ensure you’re storing the settings correctly (some routers require you to save the settings each time you make a change or the changes will be lost).