Docstoc

Security for Your Wireless Access Point _ Router

Document Sample
Security for Your Wireless Access Point _ Router Powered By Docstoc
					Security for Your Wireless Access Point & Router
Updated by Eric Hwang, RCC (Fall 2007)

Residential Computing

infocard

Disclaimer! Please note that these are general instructions; consult the user manual of your WAP for detailed instructions on each of the topics. Also note that not all the options listed below are offered on every type of WAP. Please consult your manual to see if you have the following options available. Default Password Wireless Encryption
By default, wireless encryption is disabled on most wireless routers. Without encryption, everything you send over the air is sent as is, making it very easy for hackers to eavesdrop on your connection. In addition, anyone is able access and use an unencrypted wireless network. Remember, you are responsible for your own dorm connection and you will be held accountable for any traffic which passes through your wireless access point. While wireless encryption is not foolproof, it is the first line of defense in protecting your wireless network. To setup wireless encryption, you will need to select from one of the following encryption types: WPA2 (Wi-Fi Protected Access) is currently the strongest and most secure wireless encryption standard available at the consumer level. WPA2 encryption should be your first choice if your wireless access point and all of your wireless devices support it. However, if your network suffers from WPA2 compatibility issues, a less secure (but still pretty good) alternative is WPA-PSK encryption. WPA-PSK (Wi-Fi Protected Access-Personal) will solve most compatibility issues as all computers running Windows XP with Service Pack 2, Mac OS 10.3 or anything more recent (such as Windows Vista) should natively support this type of encryption. That said, if WPA-PSK also causes compatibility issues, then your last resort would be to use the outdated WEP encryption standard. WEP (Wired Equivalent Protection) usually comes in two forms: 64-bit and 128-bit, where 128-bit encryption is more secure than 64-bit encryption. Although WEP can be easily “cracked,” keep in mind that it is still better than not having any encryption at all.

This infocard explains the need for wireless access point (WAP) security in the residence halls and outlines some simple solutions for residents to secure access points from misuse by unauthorized users.
An increasing number of residents are bringing wireless access points to the residence halls. Many people, however, have no idea that these wireless devices are very easily abused, since the default settings on the access points provide little, if any, security. There are some simple steps that you can take to better secure your wireless equipment. According to the Residential Computing Appropriate Use Policy that you agree to when signing up for your In-Room Connection, your connection is your responsibility. If hackers compromise your access point, you will have to answer to anything they do. Also, any legal repercussions resulting from spam, denial of service or other attacks made from your access point will also be your responsibility. If you do not have proper security enabled, hackers can use your wireless access point to use your connection and upload and download files at the expense of your bandwidth. It is important to keep wireless devices secure so that others cannot eavesdrop or maliciously use your connection. Several different techniques, when used in conjunction, will allow you to achieve a high level of wireless security. Keep in mind that any one of these methods is far from foolproof, so using them in conjunction is important.

All access points come with a default password to access the configuration program. The most important thing to do when you first get your access point set up is to change the default password to a strong alphanumeric (at least 10 character) password. Default passwords are well known and easily found online. If you don’t set a good password, it defeats the purpose of having security at all, because a hacker can change any configuration and could even lock you out from your own access point.

SSID (Server Set ID)
Access points come with a default shared key called an SSID that is shared among all users of that access point. It is broadcast to everyone within range of the access point. Make sure that you change this SSID from the default setting to, preferably, a random alphanumeric number. Many access points now allow the user to disable SSID broadcast so that hackers have less information about your equipment and setup.

Ethernet (MAC) Address Filtering
When you first signed up for your IRC, you had to get your Ethernet card address first (so that your computer is registered in our database). Some wireless access points can provide added security via an Ethernet address. These access points, when properly configured with your wireless card Ethernet addresses, can selectively allow or block someone to use it by reading the user’s MAC address and seeing if the MAC address is authorized to use the access point. This is another way to prevent hackers from breaking into your access point and using it for illegal or malicious activities, since they will not have the correct MAC address to authenticate with the access point. Therefore, find out the Ethernet address on your wireless card and configure your access point to only allow certain addresses to use it.

Online Versions Available • www.rescomp.berkeley.edu/infocards


				
DOCUMENT INFO