Wireless Home Network Security

DG834G wireless router

What is a Wireless Router?

A wireless router is at the centre of a wireless network. It listens for wireless enabled computers, and other devices such as some PDAs, to connect to it and then provides a route of communication to other computers on the same network and, commonly, a broadband internet connection using ADSL via a telephone line or a cable connection.

This article uses the Netgear DG834G Wireless Router for configuration examples, as it, and close relatives, are some of the most commonly used wireless routers in the UK.

Installing a Wireless router

Basic installation of a wireless router is usually a case of connection it to an electricity supply, and for broadband, the telephone line. The supplied instructions will normally tell you how to use another computer with a web browser, such as Microsoft Internet Explorer or Mozilla Firefox to configure a connection to the Internet Service Provider (ISP). ISP configuration is often automatic.

This quick configuration that allows you to get online, also allows other people to get online using your wireless access point because your router broadcasts its presence and waits for any wireless enabled computer that is in range to connect through it.

Unfortunately, this easy set up is not secure. It is equivalent to leaving all of the doors and window of a house open when you go out and being surprised that burglars enter it.

Why Secure my Router? Who wants My connection?

The most common security breach of home wireless networks is neighbours accidentally using an unsecured wireless connection. This has consequences:

  1. The neighbours may cut off your access to the internet because they are unaware they are using yours and try to change some settings, or even try to secure the router for themselves.
  2. The connection becomes slower, because you are sharing it with other people.
  3. Charges may go up because neighbours downloads are causing you to exceed contracted download limits from your ISP.
  4. They may be able to access information directly from your computer or PDA, when it is also connected.

There are many reasons that malicious people might wish to connect to any computer they can find and use it for nefarious purposes. This is a list of examples, there are many more...

  1. Free use of your internet service without having to pay for their own.
  2. Viewing or stealing information such as watching your access to secure services e.g. internet banking.
  3. Download or upload of illegal materials
  4. Provision of disposable web site for phishing or other illegal activities

One of the most problematic issues for the misuse of your router in the UK comes from "The Computer Misuse Act 1990" that under its original design should have given you legal protection. The actual phrasing means that unless you are able to prove that you were not the person using your router for "unauthorised access to computer material", you may appear to be the party committing the offence.

No security measure is perfect, but the more measures taken, the less likely it is that an opportunist will be able to compromise or damage your resources.

Administrative Security

The first point of security is to prevent anyone else changing or taking over control of your router. As soon as you are sure that your router is working, the following steps should be taken:

  1. Change the administrative password. It is OK to write this password down!
  2. Change the user name for configuring the router, if possible.
  3. Turn off remote management options if your router supports them.

For example on a Netgear DG834G Wireless Router the option to change the password is found under the title "Maintenance" with the option "Set Password" and the option to turn off remote management is found under the title "Advanced" with the option "remote management" .

Router Privacy

Router Name

Each router has a name, also know as a SSID, so that you can identify it when you connect to it. When a router is initially installed, it normally has a pre defined name relating to its model number or manufacturer, thus, freshly installed wireless router often have names such as "Belkin" or "Netgear".

Changing the name of your router makes it easier to identify which is your own, and makes it more difficult for illicit users to know much about it.

For example on a Netgear DG834G Wireless Router the option to change its name can be found under the title "Setup" with the option "Wireless Settings".

Please note that when you change the name of your router, all the computers that use the wireless connection will need to have the name of the "access point" that they connect to changed as well, or they will be unable to communicate. It is also important to be aware that router names are case sensitive. i.e. "Security" and "security" are regarded as different.

Disable Broadcast of Router Name (SSID)

Once you have changed your router's name, and made sure that all the computers on your network can still connect to it, the next step is to tell the router to hide itself. to stop broadcasting its new name to any listener.

When you hide the name of your router, after you have changed its name, malicious individuals will have more difficulty in guessing its name and manufacturer, which is an important step for them to break your security.

For example on a Netgear DG834G Wireless Router the option to control broadcast of the router's name can be found under the title "Setup" with the option "Wireless Settings" as "Allow Broadcast of Name (SSID)".

Only Permit Known Wireless Adaptors

Many routers can be set to permit only known wireless connectors to communicate with them by use of an "access List". This makes it much more difficult for hackers to gain access to your router.

Before setting this facility, make sure all the computers that you wish to have connected to the router switched on and are connected to it.

For example on a Netgear DG834G Wireless Router the option to set up an access list can be found under the title "Setup" with the option "Wireless Settings" using the button "Set up Access List". On this page, use the "add" option for all the available devices that you recognise as your own. Finally, select "Turn access control on" before applying the settings.

Wireless Data Security

In order to prevent snooping on the communications between your computers and the router (which may include confidential emails or bank details) it is necessary to encrypt the connections beween your router and each computer. There are several ways that this can be done but there are a few standards. For a home network One of the best and easiest to set up is Wired Equivalent Privacy (WEP).

Wired Equivalent Privacy (WEP)

WEP can be set at two different security levels, 128 bit security is much more secure than 64bit (also know as 40 bit WEP). To make it work, the router and any legitimate users share an encryption key. Once the key is set on the router, any computer that wishes to communicate must be configured to use the same key. Without knowledge of the key, the information that is transmitted to and from the router is extremely difficult for an outsider to decode.

Setting up WEP on a computer, as opposed to the router, means it is necessary to use appropriate controls for the wireless adaptor. Sometimes this can be done directly from the computer's internet settings panel, sometimes it is necessary to use driving software that came with the wireless adaptor.

For example to set up WEP on a Netgear DG834G Wireless Router the option to control broadcast of the router's name can be found under the title "Setup" with the option "Wireless Settings"

  1. Go to the sction called "Security Options".
  2. Select "WEP (Wired Equivalent Privacy)"
  3. Under "WEP Security Encryption" choose an authenctication type of "Automatic"
  4. Choose an "Encryption Strength" of "128 bit"
  5. Under "WEP Key" Enter a unique pass phrase and keep a note of it on paper
  6. Press the "Generate" button. A long combination of letters and numbers should appear as "Key 1"
  7. Take a note of "Key 1" on some paper
  8. Press the "Apply" button at the bottom of the screen.
  9. Change the settings on each of your computers to use 128 bit WEP and enter "Key 1" or your passphrase as required.

In general, Netgear's own adaptors can use the easier passphrase, while most others such as Microsoft's wireless networking require "Key 1"

General comments on improving Wireless Network Security

When each step of improving security is applied, it is normal for wireless connected computers to lose their connection until corresponding settings are also made on the computer. A consequence of this is that configuring the wireless security through a wireless connection is quite frustrating. If possible, it much easier to perform wireless router configuration using a physical nework cable.

No security is perfect, but good security improves your chances!

Wireless Router Security Service

Dragon Thoughts Ltd is happy to provide a wireless installation or securing service and advice to customers near to South Cheshire or North Staffordshire. Please contact Dragon Thoughts for an appointment.

Recent Virus Information By McAfee

All material on this page is copyright (c) 2006 David Clarke, of dragonthoughts.com