Many of us have replaced the jungle of network cabling with wireless networks. Hardware for these systems is affordable and easy to install. In fact, especially in most small office/home offices (SOHO) and despite security fears, I rarely consider hardwire cabling as a practical office configuration. Just like any technique, careful site preparation will thwart most security intrusions. I follow a short, simple checklist to lock down the typical SOHO wireless network. In general, never use the factory-set, default password/configuration provided by your network hardware manufacturer. Once an outside agent has said, identified the manufacturer of your wireless hardware, consider your system compromised. Make your network as private and “eccentric” as you can manage without shooting yourself in the foot! Consider the following issues -

Control the house key to the door – strong, revolving passwords

Refer to my article on this site, Practice “strong” Computer Security without Heavy Lifting (remembering) Passwords for suggestions in managing password/access codes management.

Control location of door number– IP address

Change the manufacturer-provided/recommended IP address range (usually a private class “C” 192.168.0.x range) to the lesser known private class “B” 172.16.x.x – 172.31.255.255 for each of your devices. Avoiding technical issue of subnetting and using decimal equivalents to hexadecimal numbers in this article, I recommend that you write or “hard-wire” an IP address for each device on your SOHO network using, for example, 172.17. x. x where you replace the third and fourth x with a number from say, 5 to 200. Thus, for example, I would assign my laptop, desktop, and printer IP addresses to 172.17.2.172, 172.17.2.173, and 172.17.2.174 (using 255.255.0.0 as the subnet mask) respectively. Use of a “private” IP address range and the added “confusion” in switching from a class C (the typical range for SOHO) to a class B range helps separate your personal configuration from more “common” network setups. Keep it simple. These IP addresses are like sequential house numbers on a street; they are NOT security codes.
Furthermore, most SOHO configurations are static; device additions or changes are rare. Since you have “hardwired” your IP addresses, you should disable the Dynamic Host Configuration Protocol network service that “automatically” generates IP addresses when a device “joins” your network.

Control the doorknob – MAC Filtering

Control which laptop device can “join” your network through a specific IP address you designate by monitoring its “hookup” to the network. Laptops and printers use a network adaptor to “hook into” or connect to the network through a specific IP address. A particular network adaptor using a “known” media-access control (MAC) id number (address) will be recognized as acceptable by that network filter and allowed connection. Filtering MAC addresses provides yet another deterrent to intrusion by outside agents.

Control finding the door to the building – SSID

Wireless networks by default broadcast a beacon ID (service set identifier, SSID. An acceptable or “friendly” network device will “search” for and attempt to connect to this is SSID. As cited earlier in this article, ANY knowledge about your network characteristics potentially compromises your security. As with other manufacturer defaults, change the default SSID name especially if, say in a neighborhood, your SSID can provide clues to your physical (home) location. If possible, disable the SSID broadcast entirely. Your network may still broadcast its presence as an Unnamed Network BUT an outside agent will have to know your correct SSID to attempt to join your computer “space”.

Control listening by putting your ear to the door – WEP

Despite documented criticism, wired equivalent privacy (WEP) is still the easiest way to deter common, unintentional privacy intrusion. In a low-risk SOHO configuration, its use provides yet another layer of “barbed wire” around the “perimeter”. ALWAYS use 128-bit encryption and consider a long phrase with numbers as a key; for example, “To be or not 2 be, that is the $#%@ question”

In summary, you will never successfully stop a dedicated, professional computer security attack but you can provide enough obstacles to make him/her question the value in time and effort of his/her hacking exploit. The recommendations outlined above follow good computer security. Consistent practice of these simple rules will help safeguard your computer system and your intellectual property.

Note: This article was reprinted with either private license rights or permission from the author.