11 steps to securing your wireless network

A hardware or software device placed around the perimeter of your wireless home network, a firewall is the first line of defense against intruders. To learn more about setting up a firewall, read Protect Your PC—Firewalls.

At the core of your wireless home network is the access point or router. Its manufacturer provides Web pages where you first enter your username and password in order to set up your home network. Hackers can unearth these initial default settings via the Internet—so change them immediately after installing the access point or router via its Administrator Account feature.

All wireless equipment supports a form of Wi-Fi Protected Access (WPA) or Wired Equivalent Privacy (WEP) encryption technology, which scrambles messages sent over wireless networks so no one other than you can easily read them. You need to select the strongest form of encryption that works with your wireless home network but also shares the same WPA or WEP encryption settings as your home network’s other wireless devices. (That may mean finding a “lowest common denominator” setting.)

Known as the Service Set Identifier (SSID), the name of the wireless local area network (WLAN) must be the same for all your home network’s wireless devices for them to communicate with each other. Manufacturers of access points and routers normally ship their products with the same SSID set. While knowing just the SSID does not enable anyone to break into your home network, using a default SSID is a sign of a poorly configured network and is easy prey for hackers. So, when configuring your WLAN, change the default SSID as soon as possible to a name that you can remember and is: not easily known (doesn’t contain personal information, such as your birthday); includes both numbers and letters; and uses the maximum length allowed.

Each piece of wireless gear possesses a unique identifier called a Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all wireless devices that connect to them. Many such products let you input the MAC addresses of your home equipment, which restricts your network to allow connections only from those devices. While this does not completely prevent hackers from attacking your home network, it is another helpful step toward safeguarding it.

In wireless networking, the access point or router typically broadcasts the Service Set Identifier (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hot spots, where there are many different wireless users. For your home network, though, this feature is unnecessary and also makes your network more vulnerable to hackers—so turn off the SSID broadcast by logging in to your PC’s Network Administrator setting.

Potential attackers of your home network can easily obtain valid Internet Protocol (IP) addresses from your network’s Dynamic Host Configuration Protocol (DHCP). To remedy this, disable DHCP on the router or access point, set a fixed IP address range and then match each of your connected wireless devices to it. Use a private IP range (like 10.0.0.x) to prevent your PC(s) from being reached directly from the Internet.

When passing on files to others, share only what’s necessary—send the file rather than the folder, the folder rather than the hard drive and so forth. And whenever possible, protect whatever you are sharing by requiring the recipient to use a password to open it.

Wireless signals normally reach to the exterior of your home. But sometimes they go further, across your street and into your neighbors’ homes. To minimize this kind of “leakage,” try to position your wireless devices near the center of your home, rather than by its windows. In addition, keep your wireless devices away from telephones, microwaves and other appliances that may cause interference and compromise security.

The best approach to safeguarding your home network is simply to shut it down when you’re not using it. While this may be impractical if you use your home network all day, turning it off when you’re away from home or offline for considerable periods of time will definitely protect your network from hackers.

Built-in mobile broadband (WWAN) security is provided via encryption—so data sent and received is unreadable without the proper authentication “key.” More security is available via optional virtual private network (VPN) software, which is provided by employers to create a virtual point-to-point connection.