Guide to Home Network Security
Almost anyone can access your home network
Home network security. A bit of a mouthful isn’t it? I know we’re all Geeks here, but not everyone may have considered network security to be that important, or know much about it. Almost anyone with a wireless card or laptop can access your home network, your shared files, print documents on your printer, hack your PC and even browse the internet under your account.
These days it’s more of a problem than before, as many internet service providers are handing out wireless routers like candy, and people seem to forget, if they’re not pre-setup with the security features enabled (Orange are good for this) then anyone will be able to access it the same way you do; by clicking the connect button.
The past weekend I noticed three routers without any security in my local neighbourhood, allowing any passers by to access the internet. If, say, this person was to download something illegal on that wireless connection, it would be the owner of the connection who would be held responsible and face the courts.
Weak security is almost as bad. Wireless Encryption Protocol, or WEP, is getting on a bit in years now, and is not very secure at all. It’s possible to hack it in minutes as many videos on YouTube will demonstrate. After obtaining permission, just to prove my point, I cracked my neighbour’s 128-bit encrypted WEP network in just under four minutes, even managing to log into their Belkin router as administrator. When talking to them afterwards, they misunderstood the “128-bit” option as similar to the SSL connection when you browse a secure website. In effect, it’s nowhere near that level of security. All it boils down to is a longer passphrase; the flaws of WEP are still there.
So is it hopeless? No, not necessarily, but it is very hard to stop a determined hacker. The chances are though, that no-one is going to be incredibly determined to hack your properly set up network when there are so many unsecure ones out there. The security option you really want to choose is WPA2.
WPA, or Wi-Fi Protected Access, is a much more secure method of wireless communcation, and while WPA is crackable, it takes significantly longer than WEP. WPA2 on the other hand, is at this time, incredibly difficult to crack, and thus is the obvious choice.
As I mentioned above, Orange are good enough to have WPA2 enabled on their routers as standard (at the time of writing this article), so Orange Broadband users need not worry about any security issues. Note other internet service providers may offer the same, but Orange are the only ones I’ve personally seen.
So let’s talk you through enabling WPA2 on your network. First, you need to find out exactly what wireless router you are using, although the process is similar for most if not all of them. As I have a Linksys WRT54G, this article will focus on that particular model.
Once you’ve found out what router you have, you need to find the IP address to log into it. It should be printed on a label on the bottom of the router, or if you obtained it from your ISP, you may have a letter with the details on. The Linksys default IP is 192.168.1.1. Yours may be similar.
There is also a usually foolproof way to find it out if you can’t see it on the router’s underside or from your ISP, by using the Windows IP Configuration utility.
- Hold down the Windows key, and press the letter “R”
Type “cmd” (without quotes) into the box that appears and press Enter.
Type “ipconfig” (without quotes again) into the black box that appears and hit Enter again.
The IP address shown opposite “Default Gateway” is most likely your router. Tap this IP address into your web browser, and if asked for login details, you’ve got it.
So next, your login details. You should know these, either given to you by your ISP, or if you have no clue what they are, they are most likely set to factory default. Which is usually along the lines of “admin/admin” or “(blank)/admin”, either way, they should also be on the underside of the router.
Once you’re in, this is what you should see (remember, this will differ with different routers):
Now, the next part is completely based on what router you have. If you have a Linksys that looks similar to the screenshot above, you’re in luck, as the settings you are looking for are located on the Wireless tab under Wireless Security.
Once you’ve found the wireless security options, the chances are that they are simply not enabled, or set to WEP. You should, in a perfect world, set them to match the following screenshot:
On some routers though, not all the above options may be available. If there is no TKIP+AES option, select TKIP or AES. If there is no WPA2 option, then you need to select just WPA. If you have the option make sure to select “WPA2 Personal” or “WPA Personal” as Enterprise is not applicable in a home environment.
Now, your WPA shared key, written in the screenshot above as “passwordhere”, is literally what it says, a password. This password should be as long and as complicated as you can dream up. Punctuation, numerical values, put the works in there. Just as long as you can remember it. Simple words are not recommended for passwords as they can be broken with a straightforward dictionary attack.
Hit the Apply Settings or Save Settings button, remember to update your wireless devices with the new information and you’re good to go. I did run into a couple of issues myself when switching to WPA2 the first time, as enabling it prevented my Philips Streamium SL300i unit from connecting. It supported no encryption method other than WEP, which is very silly, but it’s not worth knocking down the security on my network to the level of a soggy paper tissue.
If you’re feeling particularly brave, and your router supports it, you can also enable MAC filtering, which is really beyond the scope of this article, but you would be able to enter the MAC addresses of your wireless devices into the list, and your router would ensure that only those units could communicate with it. It’s easily bypassed as MAC addresses can be spoofed quicker than you can say “looking at porn on the internet”, but security through obscurity is always fun, and adds another stumbling block in the road. No-one attempting to hack into your wireless network would know that MAC filtering is in place.
Hopefully this article has helped you secure your wireless network a little more, so prove it and let’s see less WEP and more WPA guys!
Does my mac adresse change if I upgrade my computer with some other hardware? For example change the graphic card?