Wireless Network Security

Working from home has its advantages, including no commute, a more flexible work schedule and fresh Coffee and Home-cooked meals whenever you want.

But working from Home while using a wireless local area network (WLAN) may lead to theft of sensitive information and hacker or virus infiltration unless proper measures are taken. As WLANs send information over radio waves, someone with a receiver in your area could be picking up the transmission, thus gaining access to your computer.

They could load viruses on to your laptop which could be transferred to the company's network when you go back to work.

Up to 75 per cent of WLAN users do not have standard security features installed, while 20 per cent are left completely open as default configurations are not secured, but made for the users to have their network up and running ASAP.

It is recommended that wireless router/access point setup be always done though a wired client.

Change default administrative password on wireless router/access point to a secured password.

Enable at least 128-bit WEP encryption on both card and access point. Change your WEP keys periodically. If equipment does not support at least 128-bit WEP encryption, consider replacing it.

Although there are security issues with WEP, it represents minimum level of security, and it should be enabled.

Change the default SSID on your router/access point to a hard to guess name. Setup your computer device to connect to this SSID by default.

Setup router/access point not to broadcast the SSID. The same SSID needs to be setup on the client side manually. This feature may not be available on all equipment.

Block anonymous Internet requests or pings.

On each computer having wireless network card, network connection properties should be configured to allow connection to Access Point networks Only. Computer to computer (peer to peer) Connection should not be allowed.

Enable MAC filtering. Deny association to wireless network for unspecified MAC addresses. Mac or Physical addresses are available through your computer device network connection setup and they are physically written on network cards. When adding new wireless cards / computer to the network, their MAC addresses should be registered with the router /access point.

network router should have firewall features enabled and demilitarized zone (DMZ) feature disabled.

You can test your hardware and personal firewalls using Shields Up test available at http://www.grc.com

All computers should have a properly configured personal firewall in addition to a hardware firewall.

Update router/access point firmware when new versions become available.

Locate router/access point away from strangers so they cannot reset the router/access point to default settings.

Locate router/access point in the middle of the building rather than near windows to limit signal coverage outside the building.

While none of the measure suggested above provides full protection as counter measures exist, a collection of suggested measures will act as a deterrent against attacker when other insecure networks represent easier targets.

The author