Home Wireless Network Security

There are two basic schools of thought out there in the wireless network world;
one suggests that we should share connection points as much as possible, and
the other says that doing so is a security risk, and limits the use of our own
bandwidth. What ever your particular take on the issue is, you should know something
about wireless network security for your home computer; whether you utilize
it or not after that is up to you.

Once you have your Cable/DSL modem working and plugged into your wireless router
setup for DHCP connections, then you already have one level of security installed.
Using a router, any type of router, sets up your home network (intranet), and
allows the computers in your home to connect to the Internet (the world wide
network). Each of your computers on your home network will have an IP address
that starts with 192.168.xxx.xxx This address is called an Internal address,
and connections from the Internet can not be made to Internal IP addresses.
It is your router's job to use NAT (Network Address Translation) to connect
to the outside. Your Cable/DSL modem has an address as well, and it is an outside
Internet address. All traffic comes through the modem, to the router, the NAT
translates addresses and sends the messages to the right computer.

With a router you also have something called Port Security. Web traffic travels
on port 80, while FTP travels on 21; there are games out there which use other
ports as well. These ports are connection points on your computer. The router
can turn off ports that you don't use.

It use to be that your internal network was secure because in order to access
it, a direct connection into the router using a wire/cable was required, but
now we are wireless. This is where wireless networking security comes into play.

The main security system on most routers is called WEP (Wired Equivalent Privacy).
This is the easiest to setup for your home computers. Find the security setup
area of your router, and look for the WEP setup. WEP creates an encrypted key
using a Pass-phrase as the seed for this key's creation. The Passphrase can
be anything; dog's name, street address, ... anything. Make it something that
you are going to remember, but not something easy to guess.

You will also be asked to choose a Key Number, between 1 and 4. Choose 1 to
start, and you can come back to change this later if you wish. In the beginning,
the WEP key number was meant to help facilitate changing the key across the
network. Rather than switch every station to a new key simultaneously, the new
key could be defined across the network and stations could be gradually switched.
If, for example, an organization used key number 0 and wished to change it,
key number 1 could be defined on the network. Rather than change all stations
at the same time to the new key, stations could be configured to start using
key number 1 during a defined transition period. At the end of the transition
period, key number 0 would be disabled. None of this has much to do with your
home network, but you are going to need to know the key and the key number when
you are setting up your home computer to connect through a WEB secured router.

You are also going to need to set, and remember the encryption type; there
is 64 and 128 bit encryptions. Choose 128 for higher levels of security (in
your home network this is rarely an issue, but if you have 128 available, you
might as well use the best).

Once these are all decided, then your router is going to give you a long string
of numbers and letters. Something like: c005cec9af8cec6698a3d854e4. Make sure
you copy this exactly, noting the key it is one, and the type of security used.

Once you have made sure that you have all of this information, then you can
tell your router to save. If you are doing this wirelessly, you just lost connection
to your router. Most of the time, you want to make changes like this to your
router via a connection using a line. Not to worry, we wrote down all of the
information exactly (right?) so we can re-establish connection. Reboot your
computer, and your wireless connection will now ask you for the Connection Key..
type it in (probably have to type it in twice) and you will make connection.
Really that's all there is to it, just do this with the other computers in your
home and you are up and running.

From this point, only computers which are able to produce the Key are going
to be allowed to connect to your home computer or use your router for Internet
access.

There are a few other security types on wireless routers these days and there
are some issues discovered with WEP. For home network security, WEP is probably
good enough, even though with enough time and skill, WEP could be broken (that
is a great deal of time and a great deal of skill). Again, WEP is going to be
good enough for your home network. If you are still doubtful however, we can
make this security even tighter using MAC address filtering security.

Every network card has a hard-coded address called a MAC address. This address
is unique to the card, and every card is different. To find the MAC Address,
you can look at the physical card (for a PCMCIA card, just pull it out and look
on the back). If you can't find it, then start a command line (DOS Prompt) and
type in ipconfig /all ... the number for Physical Address is the devices MAC
address. For the Router you will want to take out the dashes.

Using your router software, find the filtering area and put in the MAC Addresses
for all of your home computers. From that point, the router will only talk to
devices that have one of those MAC addresses; using this with WEP seals up your
network pretty good.

We'll talk about other methods of wireless security in future articles. If
you have specific questions, please visit our
Help Forum.