Securing a wireless connection
The standard practice for wireless security is as follows.
In the first half hour of plugging in the device, do this...
- Change the administrator password of the router from the factory default.
- If possible change the LAN network address space from the factory default to something harder to guess such as 192.168.237.xxx.
- Change the SSID from the factory default. The SSID is the name of the network. For example change the factory default name such as "linksys" to something else that isn't so easy to guess. A simple choice would be "Random_Wireless" but it would be a good idea to change it to something that can't easily be blind guessed such as "WLAN_3285784" or something similarly cryptic.
- Turn off "broadcasting" of the network SSID. This means that anybody who wants to use your wireless network needs to specify the name of the network (the SSID) instead of just choosing it from a menu that pops up on their computer. It is customary that the computers will remember the name in later sessions so the user only has to type in the name once. The client computers in the network will each have to be set up to use the named network.
- Turn on WEP. Preferably 128 bit WEP. This is encryption. This is Wired Equivalent Privacy. This is a feeble attempt to make the wireless network as secure as a real, traditional ethernet, wired network. It is not nearly as secure by any means but it is what the industry has standardized on. It will cause the network to perform slower but it makes the network much more difficult to use by unwanted third-parties who would eavesdrop or actively participate in your network. The client computers in the network will each have to be set up to use the password that protects the network.
- Turn on MAC address filtering. This tells the wireless routers to only talk to computers who are on an approved list. Setting up this list is done at the router and does not need require doing anything to the client computers. The router can provide a list of the MAC addresses of its existing DHCP clients to be used for creating the authorized list.
- If possible, turn down the broadcast power on your wireless router. Only use as much power as you need to communicate to your authorized client computers. Don't broadcast far outside your building if you don't have to.