Saturday, 5 March 2011


What is Wi-Fi?

Wireless Fidelity (Wi-Fi) is a wireless networking standard developed by the Institute of Electrical and Electronics Engineers (IEEE) in 1997. It is a trademark of Wi-Fi Alliance. Wi-Fi means, devices can communicate with each other wirelessly using some wireless networking standards. These standards are 801.11b, 801.11a, 801.11g and 801.11n. At present, 801.11n offers better speed and signal strength.

That’s all about the Wi-Fi to get started because learning and being familiar with the existing Wi-Fi and IEEE standards would be a different topic and of course out of this article scope.

So, let’s get started with Wi-Fi security tips.


Always use branded routers

If you decide to have Wi-Fi Internet connectivity at your home and planning to purchase your own router, then it is highly recommended that you should use branded products only. Never compromise price over network security. Some good examples of Wi-Fi routers are Linksys, Cisco, Netgear, Belkin etc.


Router position and placement

Avoid placing your router near a window, balcony or an open corridor as far as possible. It's a free invitation to users passing-by your area to capture the Wi-Fi signals. So, try to place your router at center of your room.


Backup router’s configuration settings

Some routers have a backup and restore facility for their configuration settings. If possible, take a backup of your router's configuration file on a hard drive or a pen drive, so that default configuration settings can then be easily restored if anything goes wrong while making the configuration changes.


Change default administrator password of your router

Every router has its own administrator password for accessing and configuring advance settings. Most of the time this administrator password is “admin”, “administrator”, “12345” or something like that. Hackers are aware of this situation. So, once they succeed in getting access to your router first thing they might do is that, they can change the default administrator password. After that you can not have control over your own router. Hence, first thing you have to do is change the default administrator password of your router.

While setting administrator password, one important thing you should keep in your mind is that, your password should be sufficiently long, not easily guessable, combination lowercase, uppercase, digits and special characters and of course it should not be very difficult that you only can not remember.


Always use latest compatible encryption Wi-Fi standards

Once you have your own router ready for Wi-Fi connectivity, check for its data encryption policy and standards. In most of the cases, no encryption is active by default. So, you have to choose which encryption standard you want to set for connectivity.

There are number of options available for encryption standards on your router. Such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access-2 (WPA2), Wi-Fi Protected Access2-Pre Shared Key (WPA2-PSK) etc. Use WPA2 instead of WEP because WEP is no longer strong encryption protocol and also vulnerable. Most of the modern routers and computers support WPA2 encryption.


Stop SSID broadcasting of your router

Service Set Identification (SSID) is the name of a Wireless Local Area Network (WLAN). Every Wi-Fi router has a network name associated with it. So, when any computer searches for a Wi-Fi network, it finds a network name. By looking at a network name you can decide which network to connect.

If you stop broadcasting SSID of your router, other people won’t be able to see network name. But before stopping SSID broadcasting, make sure you have already configured your laptop or other wireless peripherals with your router for wireless communications.

In any case, if you decide to allow SSID broadcasting of your router then at least change the default SSID name. So, just by looking at the SSID or network name other users won’t be able to identify who you are. Many people have tendency to keep their name or surname as SSID name, avoid doing that.


MAC address filtering

MAC address means Media Access Control address. It is a unique identifier given to the hardware peripherals by their manufacturers for their identification during the communications over a network. Most of the available routers have this as a built-in feature. You can enable this feature by providing valid MAC address filtering, so that only computers whose MAC address is registered in filtering can get access to a router.

If you are using windows XP, use the following method to find MAC address of a computer,

1) Click on "Start" menu
2) Go to "Run"
3) Type cmd in Run window and hit enter
4) When command prompt window appears then type ipconfig<space>/all
5) In the appeared result you will see physical address, which is nothing but the MAC address of your computer
6) If you are using laptop, then MAC address of LAN Ethernet adapter and Wireless Network Connection Ethernet adapter might be different.


Update router’s firmware whenever available

Whenever routers are introduced in a market, they may have some firmware defects associated with them. This can happen not only with cheap and non-branded products but also with branded and popular ones.

Hence, manufacturers provide security and stability fixes for their routers in the form of firmware upgrades. Firmware upgrade may contain new features which are compatible with today’s new and upcoming protocols and standards.
 
So, download and upgrade your router’s firmware against availability. But before doing so, make sure you are downloading it from verified and trusted sources. Never download a firmware from third party websites even if they claim that it’s a genuine one. Because by doing so, you are not only going to mess up with your router but also will lose the warranty of your router as well.


Switch-off your router when it is not in use

If you are not using your internet connection, then it is a best practice to switch of a router.It will not only restrict the unauthorized users to get access to it but also saves your electricity bill as well.


Turn-off your laptop's Wi-Fi switch when not in use

Every laptop has a toggle switch which turns Wi-Fi connectivity on or off. Turn-off your laptop's Wi-Fi switch when you are not connected to any Wi-Fi network, especially if your laptop is running on battery power. Because, if your laptop's Wi-Fi switch is on then it constantly searches for nearby Wi-Fi networks. By doing this, you can preserve your laptop's battery power also.


Turn-off router’s Wi-Fi transmission when connecting computer directly to router.

Some routers have a facility to turn-off Wi-Fi transmission. If you have Wi-Fi router but you are using Internet connection by simply connecting your computer with LAN cable, patch cord or RJ-45 cable, then it is better to turn-off the Wi-Fi signal transmission from router itself.

I know it seems to be foolish thing doing this, but most of the people have Wi-Fi connection at home but computer with no wireless network adapter/card installed on it, in that case it is useful.


Do not auto connect to any open Wi-Fi networks

Most of the computers have setting to automatically connect to open Wi-Fi networks without user intervention. By looking at this, it may seem fascinating to you since it allows you to use Internet without providing any network name and password for it. But it is not a secured way because you may never know when you are actually get connected to open networks even if you did not wish to be connected.

Therefore, turn this feature off and connect to Wi-Fi networks by explicitly specifying their names and pass phrases.


Be careful at public Wi-Fi networks

Public Wi-Fi hot-spot or simply hot-spot is a place where Wi-Fi Internet connectivity is available for users.

Even though hot-spot is a convenient medium of Wi-Fi Internet connectivity for general users, it can be misused as a stealth weapon by professional hackers to set a honey spot.

Because hackers deliberately keep some Wi-Fi networks open in order to encourage people to connect to it. After connecting to such Wi-Fi networks, hackers can then start their activities without blowing their cover like they can install malicious software on your computer and destroy the data, they can steal critical information from your machine or even in a worst case scenario they can take full control of your computer whenever you are online.

So, think 10 times before connecting to any free Wi-Fi hot-spots and if you are unsure about authenticity of a network then don’t even think about it.


Use VPN

Virtual Private Network (VPN) is a technique of encrypting communication between two or more computers over a wired or wireless network through a secured tunnel. When a data is transmitted wirelessly from one computer to another computer over a network, some data packets may get captured by Wi-Fi snoopers using advance tools and techniques. Hence if the data is not encrypted, snoopers can misuse of it. Therefore, if possible use VPN tools. One of the best free open source VPN software is OpenVPN.


Disable DHCP

Dynamic Host configuration Protocol (DHCP) is a network protocol which allows host computers connected to router to obtain an IP address and join the network without needing to know the router or Access Point (AP) information.

As far as possible, use Static IP address and disable DHCP service for better security. If static IP is not available to you then at least limit the DHCP IP users of your network. For example, if you have one desktop and one laptop at your home, then give DHCP IP address as 2. So that, only two computers can gets access to your network.


Disable Remote Administration

Using remote administration option you can control your computer from a remote location. This technique is helpful in some cases for example; if you want to troubleshoot your client's machine from your office location or you may want to show a PowerPoint presentation to your client, so on and so forth. But, if you are not going to operate your computer remotely, then it’s better to disable remote administration option.


Keep your operating system up-to-date

Once you have operating system installed on your machine, it’s your duty to keep it up-to-date. Install Service Packs for your operating systems whenever they are available.Service Packs mostly contains various stability and security fixes to your operating system. Also, manufactures of operating system delivers hot fixes or patches at regular intervals, install them to reduce vulnerability of your operating system. Always use genuine operating system.


Perform Wi-Fi audits at regular intervals

Even though you have taken care of Wi-Fi connectivity, but in real time, some signals may get lost before even they reach to the destination. So, make Wi-Fi audits often in order to rectify signal leaks. You may use Wi-Fi auditing software available in market.


Use good antivirus and firewall

Having latest configuration desktop or laptop with Wi-Fi connectivity is not sufficient. You need to have strong protection against malwares and network intrusions also. Install good antivirus and firewall on your machine. Use branded products only. There are lots of choices available in market for antivirus and firewall. Those products need not be always the paid ones. Some of the good examples of free antivirus products are Avira Antivir Free, Avast Free antivirus and for firewall you may opt for COMODO firewall, Zone alarm free. But before using any of these, just make sure you use them only for personal use and not for commercial use.

I am neither a hardware marketing person nor a certified network administrator; I am only sharing these tips with you for the sake of Wi-Fi security awareness only.

Using above preventive measures you might not be 100% free from any Wi-Fi hacks, but applying those techniques will definitely add a layer of security to your Wi-Fi connectivity.

After all, something is better than nothing.

Good luck and have a happy Internet surfing.