
Feb 19, 2004
What to look for to secure computer networks
By Rick Dexter
Special to the Times
In last month’s column, I went over a few reasons why home
and business users should be concerned about securing wireless computer
networks. This month, I want to try to address some of the technical
aspects of wireless security, and give you a basic checklist of
things to do. I don’t have space to cover everything in great
depth, so I’m going to give a brief summary of the things
you should look for in your equipment manuals. I’ll give you
the “what” and you will need to discover the “how”
in your manuals.
For those of you who deal with extremely sensitive information,
such as consumer credit information or bank records, I would suggest
that you hire an experienced security expert to implement security
on your wireless system. None of the security configurations I’m
about to outline will keep experienced hackers out of your network
if they are determined to break into it. The following suggestions,
when properly implemented, will simply keep the casual hacker out
of your network.
These steps are designed to cover the biggest percentage of the
consumer wireless equipment out there. Some newer equipment may
work differently, and professional-grade equipment usually offers
many more security options. I would recommend that you do these
steps one at a time, and get each step working before going on to
the next step.
The first thing to do is to change the default password in your
wireless access point (WAP) or wireless router. Use something that
is hard to guess, with a combination of letters, numbers and special
characters. The password should be at least 8 to 10 characters long,
and longer is always better. If you can’t remember it, write
it down and store the password in a safe place.
Then, look for a setting that allows you to filter “MAC”
addresses. Each network device in a computer has a serial number
that is unique to that device. Most wireless equipment will allow
you to set up a list of these addresses so that only your authorized
network devices can access the central WAP or router. Every wireless
equipment vendor calls this process something different, but virtually
all equipment has this capability. After you’ve configured
this filtering, as a test, try removing one of your computers from
the allowed list and see if you can still connect.
The next step is to enable wireless encryption protocol (WEP),
which will encrypt (jumble) each transmission using a special “key”
that you make up. This is often the hardest thing to get working
in the configuration, but keep at it. It’s the most important
thing you can do to help secure your network. If you have a newer
device, you may have “WPA” instead of “WEP”.
WPA is essentially an improved version of WEP. Some equipment manufacturers
also provide software upgrades from WEP to WPA, and I would consider
upgrading to support the new standard because the security is better.
As a final step, change the default security identifier (SSID)
of the equipment to something that is also hard to guess. Make sure
that all of your computers can still connect, and then look for
a setting that turns off “SSID Broadcasts” and set it
not to broadcast your wireless ID. Most of the newer equipment has
this setting, and if yours doesn’t, check with the manufacturer
to see if there is a software upgrade for your equipment.
On a regular basis (maybe monthly or quarterly), change your WAP/router
password, WEP keys, and SSID by going through the above steps again.
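
The checklist above can be re-run as a quick self-audit each time you rotate your settings. The following is an added example, not part of the original column: the settings keys (admin_password, mac_allowlist and so on), the lists of factory defaults and both sample configurations are constructed for illustration, and you would fill them in by hand from your own router's admin page.

```python
import re
# Constructed, illustrative factory defaults; extend with the values from your own manual.
DEFAULT_PASSWORDS = {"admin", "password", "1234", ""}
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}

def normalize_mac(mac):
    """Reduce colon, dash or dot separated MACs to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def password_findings(pw):
    out = []
    if pw.lower() in DEFAULT_PASSWORDS:
        out.append("password: still a factory default")
    if len(pw) < 8:
        out.append("password: shorter than 8 characters")
    classes = [any(c.isalpha() for c in pw), any(c.isdigit() for c in pw),
               any(not c.isalnum() for c in pw)]
    if not all(classes):
        out.append("password: needs letters, numbers and special characters")
    return out

def audit(cfg):
    """Return findings for a settings dict, in the order of the column's steps."""
    out = password_findings(cfg.get("admin_password", ""))
    allowed = [normalize_mac(m) for m in cfg.get("mac_allowlist", [])]
    if not cfg.get("mac_filter_enabled") or not allowed:
        out.append("mac filter: not enabled or allow list is empty")
    if None in allowed:
        out.append("mac filter: allow list contains a malformed address")
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        out.append("encryption: off, enable WEP or WPA")
    elif enc == "wep":
        out.append("encryption: WEP in use, check for a WPA upgrade")
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        out.append("ssid: still a factory default")
    if cfg.get("ssid_broadcast", True):
        out.append("ssid: broadcast is still on")
    return out

# Constructed samples: an out-of-the-box router, then the same router after the steps.
FACTORY = {"admin_password": "admin", "ssid": "linksys", "encryption": "none"}
HARDENED = {"admin_password": "t4ble-Lamp#92", "ssid": "qz7-harbor",
            "ssid_broadcast": False, "encryption": "WPA", "mac_filter_enabled": True,
            "mac_allowlist": ["00:0C:29:AB:CD:EF", "00-0c-29-12-34-56"]}
if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
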
Lastly, if you need help implementing any of this technical mumbo-jumbo,
call someone. Usually, the manufacturer of your equipment is happy
to help work with you through the configuration, as long as all
the equipment on the network is from that manufacturer. If you have
a mix of different manufacturers, it’s best to call a network
specialist for assistance.
Rick Dexter is founder and CEO of NDYNAMICS Network Professionals
and he lives in Almaden. Rick has over 25 years of experience designing
and supporting computer networks, particularly for small businesses
and startups seeking reliable and scalable IT infrastructure. If
you have a computer question that you would like to have answered
in a future column, e-mail it to computerconnection@ndynamics.com.