Sunday, November 27, 2005

Wireless router security

This is my current understanding of how to secure your wireless router.

The routers built-in NAT firewall is very good at blocking incoming probes. It only allows outbound traffic. You might consider adding a software firewall to your wirelessly connected computers to block unauthorized outbound traffic. I recommend the free version of Zone Alarm. Kerio and Tiny Firewall have good reputations also.
http://www.zonealarm.com/
http://www.kerio.com/kerio.html
http://www.tinysoftware.com/home/tiny2?la=EN

Do you need to secure your wireless router? The typical wireless router will only broadcast about a maximum of 300 feet and that’s before it tries to broadcast thru walls. Don’t have any neighbors or streets closer than that? Then I would not be too concerned.

For everyone else: ( Warning – geek stuff.)
Change the routers default user name and password. I write the new names on a piece of paper and tape it to the bottom of the router.

Encrypt the wireless transmissions. If you are using Windows XP Service Pack 2, then use the WPA encryption with a long (up to 63 characters) Pass Phrase made up of RANDOM letters, numbers and special characters. Do not even think of using something that you can memorize. Save this Pass Phrase in a Word or Notepad document and copy/paste it into the router and each wireless adapter. Password protect the document if you are really paranoid.
See this web page for an unique Pass Phrase.
https://www.grc.com/passwords

Not using Windows XP SP2? You can use WEP security but it can be broken by hackers.

I do not recommend hiding the routers SSID or using MAC addresses for security. SSID hiding does not really accomplish much in the way of security and using MAC addresses is a pain to setup and maintain.

Extra points:
Turn off the routers Universal Plug and Play setting. Note that this may break some Internet applications like instant messaging, game playing and possibly music sharing.

After changing and saving the routers settings turn it off and back on to really force the new settings.

Make sure WAN management is off.

Check for updated router firmware every 3 to 6 months.

And as always – make sure you have the latest Windows critical updates installed.


See the following forum for wireless router security. I cribbed most of the above from talks by Steve. Many other forums/web pages on the net also. Google for wireless router security.
http://www.grc.com/x/news.exe?cmd=xover&group=grc.security.wireless


The current ‘hot’ wireless router is the Linksys WP54G. Various models available.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)