Securing your wireless access point is imperative. There have been several cases where people drive up and down residential neighborhoods stealing WiFi access – what are they using it for? They could be downloading child pornography, using the open access point for terrorist activities, or perhaps they’re downloading copyrighted material like movies and songs. Regardless of what they are using it for, you want to ensure that your access point is secure.
Securing your access point is very simple, at a very high level you need to ensure that your computer contains the latest patches and updates to ensure it has access to the latest security services. You also want to make sure that your wireless access point has the latest updates as well.
You can visit the wireless access point manufacturer’s site to see if there are any updates available. They will also provide step-by-step directions for updating the firmware in the device.
Do not underestimate the web either – do a search on the hardware you are using and you will find a lot of information on securing that particular hardware.
So how do you secure your wireless access point and what technologies do you use?
The WRT54GC features all the latest wireless security settings such as WEP, WPA Personal, WPA2 Personal and WPA2 Mixed Mode. You can also choose between AES and TKIP encryption.
WEP - or Wired Equivalent Privacy is a method to secure wireless networks. WEP is not very secure, and has been cracked easily with readily available software within minutes.
WPA - or Wi-Fi Protected Access (and all flavors) is much more secure than WEP. WPA is highly recommended to be used, along with a pass phrase that is longer than a typical 6 to 8 character password. For installations that I have performed, typically we have chosen pass phrases that are between 8 and 63 characters long and that are dynamically (randomly) generated (most pass phrases that I select are 63 characters in length).
WPA2 - is more secure than WPA and fully implements the mandatory elements of IEEEE 802.11i standards.
AES - also known as the Advanced Encryption Standard is one of the options available to you to secure your wireless connection.
TKIP - known as Temporal Key Integration Protocol, is another security method to protect wireless access points. TKIP may be more secure than AES, but it may slow down the connection between your computer and the access point.
So how do you secure your LinkSys WRT54GC wireless device?
Assuming that you have already have access to the device and have set it up, adding security is simple.
Consider changing your starting IP address – the default 192.168.x.x is pretty common and is used as a default installation. You need to alter the LOCAL IP ADDRESS. This is found under Setup > Basic Setup. You can also set the Maximum Number of DHCP Users.
Next under the Wireless option name your SSID – make it original! Too many people use the default LINKSYS or DEFAULT. Use something that will not identify you or your location – I’ve seen some of my neighbors use their hobbies, not wise. You should also consider DISABLING the Wireless SSID Broadcast.
Under the same option, click on Wireless MAC Filter. Find out the MAC address for the devices that will connect to your access point, and enter them here. This provides an additional layer of security, even though MAC addresses can be spoofed. Remember to ENABLE the option and PERMIT PCs LISTED BELOW TO ACCESS THE WIRELESS NETWORK.
On the LinkSys WRT54GC there is also a button that reads WIRELESS CLIENT LIST clicking this will show you who is currently connected to your access point.
Finally clicking on WIRELESS SECURITY option, select the SECURITY MODE (recommended WPA PERSONAL or WPA2). Choose the ENCRYPTION (AES or TKIP) and enter the PASSPHRASE – you have up to 63 characters in length, use them all up! Finally set the KEY RENEWAL. I use 3600 seconds.
And there you have it – your wireless access point is now secure! The next step is to have your computer access the wireless device, for this you need to take some additional steps.
I will post the rest a little later today…