ISPreview - Top 10 Wireless (Wi-Fi) Security Tips
Top 10 Wireless (Wi-Fi) Security Tips
By: Mark Jackson - July 21st, 2008 : Page 5 -of- 5
"keep the allowed IP range to the same size as your network (e.g. two computers would only need two IP's)"

8. Define Static IP Restrictions.

Most Router/AP’s define a default IP range for your wireless network using the Dynamic Host Configuration Protocol (DHCP). This can easily be adjusted in a couple of ways to boost security. Firstly, you should keep the allowed IP range to the same size as your network (e.g. two computers would only need two IP's), thus making it harder for additional connections to establish an easy link. You could also completely disable DHCP and define all your IP’s individually (statically) instead of automatically.

For example, if you’re only using two computers then an IP range similar to 192.168.1.100 > 192.168.1.103 should be enough (Note: some routers will retain the starting address [e.g. 192.168.1.100] for themselves). Different routers will use different default IP’s, do not take our examples as universal.

Router IP and DHCP settings example
Fig.8a - Router IP and DHCP settings example with a range of 10 IP's.

Finally, another clever little trick is to do the above but assign the IP’s manually to your client computers while leaving the first assignable address in the range (e.g. 192.168.1.101) free. This means that any less sophisticated unauthorised connection attempts to your network may automatically default to the first available IP and find themselves on the .101 address.

The advantage here is that you can use the routers Firewall and or port forwarding / management features to limit the access for users on that IP. For example, you could block TCP requests for 192.168.1.101 on port 80, which is used for HTTP (website browsing).

Router service blocking by port example
Fig.8b - Router service blocking by port example.

This wouldn’t prevent an experienced hacker from accessing your network, but it might hinder their attempts and limit any damage. It can also reduce IP address conflicts that sometimes occur with DHCP when a mix of static IPs and automatic connections are used together, making for a more problem free networking experience.

Readers might also like to consider trying DNS Redirector (www.dnsredirector.com), which gives you a bit more control over accessible services on your network and computer.

9. Restrict the Wireless Signal Range.

Most people spend their time trying to improve Wi-Fi signals for better coverage, but if that isn’t a problem then you could always do the reverse and limit the range at which a reliable connection can be established. This makes it harder for any potential hackers to see, access and use your network from outside of your property.

So, rather than placing your access point higher up, instead place it on the ground in the most densely packed and thickly walled area you can find or near the centre of a building. Sometimes it’s also possible to disconnect the antenna and still receive a reasonable signal, although this isn’t always the case and doing so may result in a total loss of connectivity until you reconnect it.

Some modern Router/AP’s also default to a wide radio band (40MHz Channel) and reducing this to 20MHz can limit the signals coverage. It’s also a good idea to use a different signal channel from the default to avoid interference with other networks. Naturally doing any of these will have an impact on your network performance, but that is the intent.

10. Secure your PC.

Don’t forget that securing the physical network is only half the solution and it’s important to apply the same effort with client computers too. Make sure to install good anti-virus software, such as the free AntiVir (www.free-av.com) or AVG (free.avg.com). However, our personal recommendation would go to the commercial product from ESET - NOD32 (www.eset.com), which is both fast and effective.

Just because your router has a Firewall doesn’t mean to say that you shouldn’t install one on the computer; ZoneAlarm (www.zonealarm.com) offers a popular free Firewall for those willing to test. Both Windows XP and Vista also incorporate their own, although these are often somewhat limited in what they can do.

Article Index:
Have something to say? Check out the ISPreview Forum
http://www.ispreview.co.uk/talk

Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms  ,  Privacy and Cookie Policy  ,  Links  ,  Website Rules