Step-By-Step: How to Build a Safe, Secure Network
Wireless Network Security 101
If you're running a wireless network with a router connected to the Internet, you have a small two-way broadcasting station that's a tempting target for unscrupulous folks. If you don't take some basic precautions, someone cruising by with a wireless-equipped laptop can freeload on your Internet connection, or gain access to your PCs to steal your data or to use your computer to send spam.
Wireless security is a work in progress, with evolving standards; and given enough time and access, a determined hacker can probably break into your wireless system. Still, you can take a number of steps to make the interloper's job far more difficult.
The settings shown here (from a Linksys WRT54G router) are typical, but check your manual for specific directions on how to access and change your router settings (usually by using a Web browser). For more tips, see "Beating the Wireless Blues."
1. Change the router password. One important (and often forgotten) security measure is to change the default password that lets you access the router settings.
2. Disable remote router access. This won't prevent a determined local wireless user from accessing your router, but it will keep anyone from accessing your router from a remote location through the Internet.
3. Change the SSID and disable broadcasting. The Service Set Identifier (SSID) is the name of your local wireless network. You'll need to know it in order to set up other wireless clients on your network. All wireless routers come with a default SSID that you should change. While you're at it, disable SSID broadcasting, which advertises the network to anyone in the vicinity who is using a wireless-equipped computer.
4. Turn on the firewall. Routers usually have their firewall turned on by default, but make sure that's the case. Also, enable any additional firewall features such as the ability shown here to block anonymous Internet requests. For extra security, run a software firewall on every PC on your network. For more information on how to do this, see "Bulletproof Your PC With a Software Firewall."
5. Enable data encryption. Data transmitted by a wireless network can be read by anyone who picks it up unless it's encrypted. All wireless routers have encryption capabilities. We don't have room here for a full discussion of the various types of encryption, but WPA (Wi-Fi Protected Access) is the standard that offers the most protection of data. Choose 'WPA Pre-Shared Key' for home or small-business networks. (Don't worry about any entries with 'RADIUS' options. Those are for large corporate installations.)
Wired Equivalent Privacy (WEP) isn't as secure as WPA, but if you have older wireless cards on your network computers, you'll have to use it. WEP and WPA aren't compatible.
When you make your choice, additional options and menu items will appear. Check your router manual for detailed instructions.
6. Enable MAC filtering. The Media Access Control (MAC) address is a unique identifying number assigned to each network device. Enabling MAC filtering in your router improves your network's security by accepting transmissions only from PCs with specific MAC addresses. You can also prevent certain MAC addresses from accessing the network.
Using this option takes some work. The MAC address is usually printed on a sticker attached to a network card, or on the bottom of a laptop PC. To find your PC's MAC address in Windows XP, open a command box (Start, All Programs, Accessories, Command Prompt), type getmac, and press Enter. Do this for each PC on your network and enter it in your router's list.