As the investigation of recent Delhi blasts progressed, interesting developments took place that need to be taken care of. The mail sent by terrorists to the news agencies was through an unsecured wifi connection. This can happen from your home tomorrow! Some precautionary measures will ensure a relatively safe wifi account.
1. Change default router password.
Not many of us change the default password that is highly likely to be cracked down. Use special characters, digits and letters in good mix for a strong password. The same is applicable for user name as well (if you've an option to change it).
2. Rename the SSID on the router
Change the default name of SSID (service set identifier). With broadcasting off, wireless clients must first know the SSID before they can connect. If you have multiple PC's on your home network simply type the new name in your wireless client's setup to connect to your router when SSID is disabled.
3. Enable infrastructure mode
When using the "ad-hoc" mode, which lets clients set up peer-to-peer networks, rogue users will be able to connect to your network through a legitimate wireless client. This setting configuration can be found on your PC wireless network card.
4. Use MAC addressing filter on your wireless router
Many routers let you restrict access to known MAC (Media Access Control) addresses. Each network device, such as a computer network card (NIC) has a unique MAC address. By allowing access only to pre-defined MAC addresses you can reduce the risk of rogue clients connecting to your home network.
5. Change the default router IP address setting
Router manufacturers set every router with an IP address. For example, Linksys routers are configured with an IP address of 192.168.1.1. These address settings are well known and published, and can be easily discover by hackers if they know the router manufacturer and type.
Changing the IP address during the setup process, for example to 192.168.80.1 does not secure the router, but will make any attackers guessing for the IP address. Changing this setting, will automatically change the DHCP IP addresses handed out by your router to PC's allowed on your network.
6. Use WPA or WPA2 encryptionWhen possible use WPA or WPA2 PSK over WEP (Wired Equivalent Privacy). Both Windows XP and Mac OS X support them, along with any access point manufactured within the past few years. WPA and WPA2 both have a mode called the PSK mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
If your hardware does not support WPA2 use WPA. Creating a strong shared key (PSK) will lessen the chance of attackers successfully breaking in to your network. If you router only supports WEP, and your concerned about security, considered upgrading to a new router along with your PC NIC cards.
7. Firewall, HTTPS settings
Make sure HTTPS is enable for connecting to the router administration setup over your local network. Verify the firewall is enabled and all incoming ports are blocked. Disable remote access over the Internet setting.
If for any reason you need to provide remote access via the Internet, enable it only when needed and change the default management port setting to something other than 8080.
8. Enable and monitor your wireless access logsCheck your logs frequently for rogue access points (AP) or clients attached to the network. If you spot unknown clients or AP's connected to your network, change your WEP or WPA code, and do a little detective work in identifying unknown connections to your network.
Also check the status screen that shows the MAC addresses of all clients currently connected to the network and verify they are known devices.
9. Backup your router configuration settings
Although, not considered a security setting, backing up the router configuration before making changes will allow you to easily restore the settings in the event you make a mistake. This will prevent your router from being vulnerable if you are unsure about any changes you have made.
10. Turn off your router when not in use!
P.S: Most of the information used is from http://www.watchingthenet.com/10-tips-to-secure-a-home-wireless-network.html
Avoid peeping, enjoy browsing!!
No comments:
Post a Comment