How to secure your home wireless network

You have taken the plunge, gone and got your new wireless router, run the setup CD and you are away and laughing.

Sometimes, the person with a computer within range of your network is laughing too. They just got free internet!

How many readers have turned on their wireless connection and discovered numerous other networks within range? How many have seen a network named "DLink", "Linksys" or "NetGear" listed as an available connection?

Chances are these are wireless routers that have been set up straight out of the box, and possibly allow someone to connect without any form of identification or authentication.

There may be some valid reasons why someone would set up an unsecured wireless connection, but most of the time it was because security was an afterthought, assumed or just not considered. You have your new network set up, you can print and surf without being connected by nuisance cabling.

It's not until things go a bit pear-shaped that you discover someone has been using your internet connection for gaming, illegal downloads and "listening" to your connection for personal information.

A recent example of this is type of activity is a group of hackers went looking for unsecured wireless connections, and potentially stole the credit card details of nearly 42 million people.

The key to this type of attack was to discover unsecured wireless network, and would use nothing more sophisticated than a standard laptop and driving around watching for networks. On a much smaller scale, but just as disturbing to an individual, is having your internet connection stolen.

There are some basic steps that can be taken to make it more difficult for someone to connect to your network, and these involve configuring your router properly.

Change your SSID - The Service Set Identifier (SSID) is the name that shows up on the connection. By changing it to something other than the default, you will be less likely be targeted for an attempt to connect. Make it something that will not obviously identify it as belonging to you (don't use your address or name).

Some more experienced administrators may choose the option to not broadcast the SSID. Broadcasting the SSID means everyone can ‘discover' your network. Not broadcasting the SSID cannot be relied upon as your only security measure. Just because it is not seen, doesn't mean it cannot be found.

Change the router administrator account - Changing the "admin" account is often overlooked. Changing the password is good, but changing the password and the admin account name is even better. It means that someone trying to get into your router will have to guess two lots of information.

Enable Encryption - Make use of the ability to encrypt the data between your devices (laptop, computer, printer etc) and the router. This will help prevent your data being captured or ‘sniffed'.

Remember, your wireless connection is not transmitting in a line between you and the router. It is up to 70 metres (depending on the router specification), 360 degrees in a three dimensional space, meaning up and down, left and right...everywhere. That's especially important if you live in an apartment building.

There are various encryption types, and plenty of information and arguments for using a particular type. Ultimately the choice is yours. Something is better than nothing, and the more difficult it is for someone to steal your connection, the less likely the ‘attacker' will put any major effort into breaking the encryption you are using.

Use MAC Filtering - If your router has the ability, an excellent way to restrict only your own devices to your network is to use MAC filtering.

The MAC address (Media Access Control) is a number that the manufacturer of the network hardware has assigned to the device. It was intended that the MAC address be globally unique for any given device, but it is possible to change the MAC address.

The point is if you can restrict connections by MAC address, then you have greater control over what connects to your network. Again, there is plenty of information on the internet on how to locate your MAC address, and your router documentation should help you enable this function.

Review your router logs - A lot of routers have the ability to record certain events, and show you the current status of the router including what is currently connected.

Often, these logs are only viewed when something has gone horribly wrong, but can be useful as a check of what has been happening on your router. If you suspect something is wrong with your connection, you can see what might be causing it with the router logs.

You can also use your log files to fine tune your router security. There are plenty of people who religiously defrag, clean up their temporary internet files and empty the recycle bin. Why not add "check router logs" to the list?

Back up your router configuration - Most popular routers have the ability to save a configuration file so that if your router setting gets corrupted, you can quickly restore the settings. This is particularly useful if you have spent some time ‘tweaking' your router settings, and have not actually recorded what you have changed.

That is by no means a definitive list of security precautions that you can take with your wireless network, and it is up to you whether or not you implement some form of security. Do not be scared about diving into the "Advanced" tab on your router and playing with your security settings.

If you do mess it up, then there is always the faithful "Reset" button and restore using the backed up configuration file you saved earlier...you hope.

A word of warning: Unless you are very confident in what you are doing, avoid playing with the firmware update function. The worst case scenario is that you will turn your router into a paperweight.

There are plenty of resources on the internet about wireless vulnerabilities and security precautions, or you can ask the salesperson when you buy your router. There is no such thing as a silly question and don't be scared to use the technology, just get to know it and learn how to protect yourself.

* Shane Huston is an information security analyst