Wireless Networking "Best Practices"
[8.01.04: Click here for Version 2.0 of this article. I've updated this list to include many more security measures, tips, and explanations.]
While at the WI legal tech conference mentioned in my immediately prior post, one the best technical presentations I attended was "Cutting The Cord: Wireless Law Practice Is Here!" by Nerino Petro and David Whelan. Not only did they provide great written materials, but they took a very complex, jargony topic and made it understandable.
If any of you are considering using a wireless network (predominantly 802.11a/b/g Wi-Fi), in addition to the articles mentioned in my prior post this week, I've compiled a nice checklist of tasks you should always do when setting up and maintaining your wireless hardware and software. If you don't know how to do these, get someone in who does or as Dale Haag recently corresponded with me, any kid with a Pringles can will own your system. (For even more info, try a Google search for the following: pringles can wireless range).
To make your wireless network the most secure:
(Caveat: I make no guarantees or warranties that this is an all-inclusive list.)
- Change the default SSID (Service Set ID or network name) and encryption keys.
Hackers know all the default values for nearly each make and model, as they are posted all over the Web. If you really want to know, try another simple Google search for the following: default wireless SSID.
- Disable the SSID broadcast.
- Change the default password for the Administrator account.
Again, wireless hackers know these defaults, most of which are simply "Admin". Try a Google search for: default wireless router passwords.
- Enable MAC Address Filtering.
This filters MAC addresses at the access point to allow access to only authorized Ethernet cards. Every Ethernet network card, wired or wireless, has a unique number called a MAC address.
- In addition to MAC Address Filtering, limit the number of allowed connections to the bare minimum needed.
- Enable WEP (802.11b) or WPA (802.11g) 128-bit Encryption.
Please note that this will reduce your overall network performance. However, since Internet speeds via cable and DSL are usually much slower than the maximum Ethernet speeds, it should have no effect on Internet access speed, just on file and print sharing speeds.
- Limit folder/file sharing to the minimum with password protection.
Additional "Must Use" Safeguards:
- Personal or software firewalls, such as ZoneAlarm Pro and Norton Internet Security
- Good antivirus software
- Anti-spyware/malware programs, such as Ad-aware, Spybot Search & Destroy, and PestPatrol
Ongoing Maintenance for the Best Security:
- Keep the personal firewall and antivirus programs updated with the latest definitions.
- Keep up with the various security patches from Microsoft.
- Change the SSID value periodically.
- Change the WEP or WPA encryption keys periodically.
- I've heard some newer wireless access points (WAPs) have a feature for automatic rotation of one or more of these keys, which would definitely make it more challenging to hack. (For you Trekkies, this is akin to rotating the shield harmonics to repel the Borg. ;^)
Naturally, the more secure you make it, the less convenient the setup. But I'll take the extra wireless security anytime, because wireless networks are still horribly insecure compared to wired.