Optimizing and securing your network
Because wireless signals often travel beyond the physical confines of your home or office, you must take extra precautions to secure your network. Otherwise, any hacker on the street with a suitable radio can gain access to your network. In addition to the steps listed below, make sure you check and update your firewall software. (Check out CNET's Top 5 security applications.)
Keep out
The first line of defense is the SSID, which can be up to 32 characters in length. Make sure you change this to a unique network name right away. Leaving the factory-default setting in place--typically wireless, any, or the manufacturer's name--is like leaving your house's front door open.
You guard your network's "back door" by setting the WEP encryption on the AP and the clients. While the AP can create and distribute a new WEP key for each session, the network still must broadcast the key through the air, which can compromise security. Manufacturers promise an update to the security protocol in the near future, but in the meantime, we suggest you enter a key manually on both the AP and the client. Unfortunately, this means you must enter 26 letters and numbers for a 128-bit key. You should also choose a random sequence of letters and numbers, then change it frequently.
Wireless Settings configuration screen for the 3Com OfficeConnect Wireless Cable/DSL Gateway
What, me worry?
Still worried about security? You could set the EAP on the access point to authenticate only those clients with a smart card or other high-level security device--if you use one of the handful of notebooks that support them. Alternatively, you can use a proprietary security system to lock the network's windows as well as its doors. One of our favorites is Kerberos, which was developed at MIT and named for Greek mythology's three-headed guard dog at the gates of Hades. It works with all major operating systems except Mac; it sends out keys in encrypted form, so snoopers would have to work hard to break in.
You can also keep bad guys out by turning off DHCP. Instead, give an exact IP address or range of IP addresses for your computers. Theoretically, the hacker will be stuck on the outside of your network. You can also set the AP to allow only a predetermined list of MAC addresses to connect or to have full network access.
With so many different parameters to keep track of, we suggest you write them all down. If you're at home, put the AP's IP address, SSID, WEP level, and other details on a card, then tape it on the back of the AP or keep it with the documentation. Office users should keep all the network settings in a secure location.
What lies ahead
To address WEP security concerns, the Wi-Fi Alliance along with the IEEE developed a new standard known as Wi-Fi Protected Access (WPA). In addition to enhanced data encryption, WPA supports 802.1x user authentication. The standard is already available for selected certain products as a software upgrade. (Check the support site of your equipment maker for details.) But this represents only a stopgap measure in the effort to better secure wireless networks. WPA is merely a subset of the upcoming 802.11i security protocol, which promises to offer a more secure and robust solution. WPA will be forward-compatible with 802.11i, which the IEEE expects to publish by the end of the year.
| • | The basics of wireless networking | • | Sweating the details |
| • | The lay of the LAN | • | Optimizing and securing your network |
