27th
Mar '08

Securing your wireless network

I was at my father’s house this weekend, and he was saying that he was having problems with his wireless network and wanted me to try connecting with my PDA phone. I was expecting to have to ask what his shared key was, but only one network showed up on my device. It was named “linksys”, and right next to it was the infamous tag “[Unsecured]”. I was able to connect to the network and use the connected resources, by the way, without a password.

I thought I’d blog today about the most basic wireless network security. Having an unsecured wireless network can allow users to not only send spam through any Internet connection that you have, but also use your network as the base for a wide variety of attacks. You’ll probably also find it annoying that anonymous people can access your shared resources, including sending print jobs to your printer.

Many home and small business users are buying wireless routers that basically act as a wireless access point to add IEEE 802.11-based wireless local area network connectivity. At many homes and offices you’ll see a wireless router stacked on top of a DSL or cable modem, and many DSL or cable modems have wireless access point capabilities built in. Having a wireless network is convenient if you have a mobile device like a laptop or a PDA and want to be able to access your network resources while sitting on the couch in the living room, cooking in the kitchen, or even while sitting on the toilet. In remote rural areas, using a UMA wireless phone and a wireless access point is often the only way to get cellular phone service at home.

Many wireless access points, also known as WAPs, have the wireless access enabled by default so that you don’t even need to hook up a wired device to get started configuring the access point. As a result, many users actually skip the access point configuration steps altogether, resulting in unsecured networks. When putting a WAP appliance on your network, there are three major things you need to configure for security.

Encryption

Enabling encryption is the single most important thing to do. If your access point supports WPA2 with AES, it is the preferred encryption to enable. You can also use just WPA if your access point or your mobile devices don’t support WPA2 with AES. If your access point or devices only support WEP, you may want to consider getting new hardware. Enter a shared key, which is your network password, of at least eight characters, but preferably 16, including some non-letters and uppercase characters.

Media Access Control Address Filtering

Media access control addresses, also known as MAC addresses, are unique serial numbers for each network-capable device. No two are supposed to be alike, so you can use this to strictly control not only which devices in the world can connect to your network, but often whether they can even see your network when browsing for available wireless access.

Although not as convenient as just giving your friends your network’s shared key when they come visit, only allowing specific devices to connect to your network can really help hide and provide some level of security from your average user. This feature should be used in combination with encryption, and does require some intermediate ability to get the MAC addresses for your mobile devices.

Service Set Identifier

The Service Set Identifier, also known as the SSID, is the short name that will be seen when users browse looking for wireless access. It allows users to be sure they’re trying to access the correct network. The SSID should be changed from any default factory setting of your access point. However, please don’t enter your name or anything identifiable here. You really do want to leave people guessing whose network they’re trying to hack into. What name do you give it, then? Why not a unique name like “network 39481”? You really only need to be sure that you’re trying to connect to your network and not the neighbor’s.

Although it doesn’t apply only to wireless access points, it is important to basically start with a deny all policy for any access permissions and then only grant to your users what permissions they need.

Also, please don’t forget to change your WAP appliance’s default password, and leave off any remote administration, especially any administration from the wireless network, if possible. When asking my father what the password was for his Linksys WRT54GS wireless router, he was under the impression that “the people” that installed it had changed the password from the default and had also secured his network. If you have someone install your WAP for you, please don’t forget to ask about both the password for the appliance and your network’s security settings, and then ask them to show you how to verify the information. I ended up finding that my father’s appliance still had the factory default password.
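
An added example, not part of the original post: a short Python check of a router's settings against the checklist above. It goes one step past the post by also showing the WPA/WPA2-Personal key derivation, in which the SSID is the salt, so the same shared key produces a different key once the SSID is changed from the default. The settings schema, the extra factory SSIDs and all sample values are assumptions constructed for illustration.

```python
import hashlib

# "linksys" is the factory SSID named in the post; the rest are assumed examples.
FACTORY_SSIDS = {"linksys", "netgear", "dlink", "default"}

def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit_wap(cfg, owner_terms=()):
    """Check a settings dict (hypothetical schema) against the post's checklist."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc in ("none", "wep"):
        findings.append("FAIL encryption: %s; enable WPA2 with AES (or WPA)" % enc)
    elif enc == "wpa":
        findings.append("WARN encryption: WPA; prefer WPA2 with AES if supported")
    key = cfg.get("shared_key", "")
    if enc in ("wpa", "wpa2-aes"):
        if not 8 <= len(key) <= 63:
            findings.append("FAIL shared key: WPA passphrases are 8 to 63 characters")
        elif len(key) < 16:
            findings.append("WARN shared key: 16 or more characters preferred")
        if key.isalpha() or not any(c.isupper() for c in key):
            findings.append("WARN shared key: add non-letters and uppercase characters")
    ssid = cfg.get("ssid", "")
    if ssid.lower() in FACTORY_SSIDS:
        findings.append("FAIL ssid: still the factory default")
    if any(t.lower() in ssid.lower() for t in owner_terms):
        findings.append("WARN ssid: identifies the owner")
    if cfg.get("admin_password_is_default", True):
        findings.append("FAIL admin password: factory default")
    if cfg.get("remote_admin", False) or cfg.get("wireless_admin", False):
        findings.append("WARN administration: turn off remote and wireless admin")
    if not cfg.get("mac_filter", []):
        findings.append("WARN MAC filter: no allowed-device list")
    return findings

# Constructed sample settings: an out-of-the-box router and a configured one.
UNBOXED = {"encryption": "none", "ssid": "linksys"}
HARDENED = {"encryption": "wpa2-aes", "shared_key": "Blue7-Kettle-93-Orbit",
            "ssid": "network 39481", "admin_password_is_default": False,
            "mac_filter": ["00:11:22:33:44:55"]}

if __name__ == "__main__":
    for name, cfg in (("unboxed", UNBOXED), ("hardened", HARDENED)):
        print(name, audit_wap(cfg, owner_terms=["smith"]) or "no findings")
    key = HARDENED["shared_key"]
    # Same shared key, different SSID: the derived keys do not match.
    print(wpa_pmk(key, "linksys") != wpa_pmk(key, HARDENED["ssid"]))
```
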

If you have a device near your computer that has an antenna on it, taking the precautions in this post could stop spammers and hackers from doing malicious things to computers and printers on your network or launching attacks from your network from over 300 feet away.


One Response to “Securing your wireless network”

  1. Marcus says:

    Great article. Very informative. Apparently, without WPA or WPA2 encryption enabled on your wireless network, an attacker can sniff your wireless packets from the air, obtaining your email passwords and other unencrypted data that is sent over your wireless network.

    I, like many others, I suppose, thought that encryption was on by default when I took the wireless access point out of the box. It’s a shame that they’re not secured by default.

    Some people might think, “I don’t care if the neighbor shares my bandwidth”, but you’re sharing more than just your bandwidth. You’re sharing your data.
