Saturday, May 3, 2008

Wi-Fi Security - Disabling SSID Broadcast


If you're using Wi-Fi in your home or business you should make sure you take the proper steps to safeguard your network and computers. While many people enable WEP and Authentication on their routers, it's just not enough.

There are always people scanning for available Wi-Fi networks (think about the last time you were on vacation, you were probably scanning for available networks yourself!), and if they can find yours and they're smart enough, they can break in. Here's a few simple tips to help you keep war drivers, and the neighbors, out.

First thing you want to do is change your router's admin password. Every manufacturer has a default password, and every unit they ship is configured with it, so when you're doing the router's initial setup, change it. While this won't keep interlopers from using your network, it will prevent them from getting into the router and changing it's settings.

The next thing you want to do is enable WEP and Authentication. This will encrypt your data and will only allow systems with the right "Key" to access the network. For more information on WEP and other security protocols you should visit the Wi-Fi Alliance web site. You can find a brief overview of WLANS and their recommended security practices here.

The last step is to change the SSID (Service Set Identifier) and turn off it's broadcast. This is the step many users miss.

The SSID is the name of your network, and just like the router's admin password, they all ship with the manufacturers default setting enabled. When you scan for available networks on your computer, it's the name you see pop up on the list. Usually you will see the manufacturers name, D-Link, Netgear or something similar. Sometimes you'll see something clever like jimsnetwork or maryjane. Don't do this. Not only are you making it easy for someone to figure out, you're also broadcasting your personal information to anyone with a Wi-Fi enabled device in your vicinity. I see routers in my neighborhood that are either set to the default SSID, or someones name, and they're unsecured. Don't be these people.

Change it to something random, like bLtzpHk8, and be sure to make a note of it and keep it somewhere safe, preferably with your router's documentation.

Next, you want to turn off SSID Broadcast. This setting is usually on the performance tab of the router's setup. Once you disable broadcast, people will see only the manufacturer's name when they scan, not the real SSID, and they won't be able to connect. You'll have to enter the correct SSID in your computer or phone's Wi-Fi setup to be able to see or connect to the router.

Simple but secure.

No comments: