Protect your Home or Business's (WiFi) Wireless Network
John Doe , who owns a company in Houston, was having trouble connecting to his wireless network. After complaining to his service provider, the company sent out a technician who discovered that many of his neighbors were piggybacking on his wireless service.
"Having so many users downloading big files and such was making it slow," John said. "[The technician] showed me how to make the network secure. Since then it has been fast and reliable--now I feel like I'm getting what I'm paying for."
Many small businesses are installing wireless computer networks, and for good reason. Wireless connectivity makes it easier to get and stay online--no matter where you are in the office. But if your wireless network isn't secure, then anyone outside your company can get online via your network, too, and they can use your Internet connection for whatever purpose they choose.
Outsiders can also access data stored on your network, such as billing and tax records, business banking information, and customer identities. Fortunately, it's easy to secure your wireless connection and transmissions. Here's what you need to know.
How secure is secure?
Even if your wireless network is secured--that is, only authorized users can access it--it's still less secure than a wired network. Wireless devices use the same public radio waves as cell phones, and it's easy to intercept data moving across this bandwidth.
As a result, if you want to protect your wireless network and the data stored on it, you need to use the security protections that come with your wireless equipment and adopt basic security measures, such as ensuring that everyone who accesses your network logs on with a username and a password and that everyone has an active firewall on their computer.
Turn on built-in security systems.
Wireless routers all come with built-in security features, but manufacturers often disable the systems because that makes the networks easier to set up.
One of the security features that's likely to be disabled in your router is WEP, which encrypts data that's being sent wirelessly. Although the encryption scheme is weak enough to be broken by a semiskilled snoop, it's better than no encryption at all. You'll see an option to turn on WEP when you run the installation software.
Some newer routers include stronger encryption called Wi-Fi Protected Access (WPA). Choose that option over WEP if it's offered with your software, as it provides better protection.
You'll be asked to enter a password when you turn on WEP or WPA. You'll need to enter the password you selected during setup into each machine on your network. Microsoft offers a detailed guide on how to do this on Windows XP machines.
Change the default name and password.
Your router comes with a default name and password, which you should change when you set up your wireless network. The name/password feature is part of what's called the Service Set Identifier (SSID), but don't get too tangled up in what all that means. Just pick a new name for your network and a new password.
You can call your network whatever you want, just remember what you named it. You'll need that info to configure your computers.
Most routers also offer Media Access Control, or MAC, a filtering system that determines which computers can access your network. Setting up MAC filtering is relatively easy and definitely increases security. To do so, you'll need the MAC address of the wireless cards in your computers to enter into your router. The MAC address is usually available from the Device Manager you'll see in the Control Panel area on computers with Microsoft operating systems. Sometimes, it's noted on a sticker on the back of the machine.
Don't broadcast your signal.
When you set up your router, you may want to disable SSID broadcasting. SSID broadcasting announces the presence of your wireless network to wireless-enabled devices and allows your computers to connect to the router more easily, but it also makes the network visible to any wireless-enabled device within your router's broadcast range. If you disable it, manually enter the network's name in the wireless networking area of any computer that's allowed to connect to the network.
By doing everything listed above, can I be sure that sensitive data, such as clients' credit card numbers and phone numbers, will be safe?
No. Data is never completely secure on any computer connected to the Internet. The only way to ensure that truly sensitive information is properly protected is to store it on a computer that is offline and kept in a secure location. The next best thing is to set up a virtual private network, or VPN, on your wireless network. Using the techniques above in combination with a VPN creates a strong security barrier for your wireless network.
I often work from places other than my office, is it safe to use public wireless networks, such as those in hotels, airports, or coffee shops? Most public wireless hot spots are not secure. Avoid using them to transmit sensitive information--that is, anything that you wouldn't be happy writing on the back of a postcard.
If you absolutely need to transmit private data, encrypt your e-mail. Encryption scrambles data and makes it unreadable until an authorized recipient decrypts it. Ciphire offers an easy-to-use e-mail encryption program that's free for private users and nonprofit organizations. A paid version is available for enterprise networks and governments that need the highest level of e-mail security possible.
PGP offers an encryption software bundle that quickly encrypts files and also performs a full encryption of the hard drive whenever a computer is turned off, helping protect data if the PC is stolen or lost. Essential Security Software has an e-mail encryption and rights-management product aimed at small businesses that lets users encrypt e-mail and, for particularly sensitive messages, block the recipient's ability to print, forward, take screenshots, or cut and paste information from the e-mail. E-mail can also be set to be unreadable until a certain date and time and can be configured to "expire" after a preset date.
WEP: Wired Equivalent Privacy
WPA: Wi-Fi Protected Access