Thursday, December 09, 2004

Tips for Home WiFi Networking


Home Network
Originally uploaded by tcossey.
Another hot topic at the moment is wireless networking, with so may wireless products on the market at such low prices, home users are plunging into this type of networking without realising the risks of exposing your computers to unauthorised access from 'hackers' or just the 'curious' techie who lives next door..

All wireless networks (WiFi) depend on radio signals instead of copper wires to transmit information between endpoints of a connection, this means anyone with a WiFi card in their laptop / desktop computer can try and connect to your WiFi network. The wireless standard 802.11b/g has inbuilt features which try and make life on wireless as 'private' as possible but here are a few tips on those features.

1. OUTSIDE Firewall - Where possible place your WIRED network on the inside of a firewall with the WIRELESS network on the outside to prevent your wired network from being part of the WiFi coverage. At home i have a Linux floppy based firewall siting between my wired and WiFi networks at home. See the diagram with this post.

This topology allows the wired network users have a wired gateway IP (192.168.1.1/24) to access the upstream internet connection AND the WiFi users (2 x laptops) have a gateway (192.168.0.1/24) to access the internet. However laptop WiFi users cant access the wired network facilities due to the firewall traffic restrictions.

2. WEP or WPA - Enable this feature in your WiFi access point (AP), this allows Wired Equivilent Privacy encryption to be applied to each WiFi connection passing across the AP. Its a pretty weak protocol and can be broken by determined hacker, however use 128Bit encryption if available. If possible, you should use WPA encryption (most older equipment can be upgraded to be WPA compatible). WPA fixes the security flaws in WEP (but it is still subject to DOS (denial-of-service) attacks.)

3. AP Admin - On your access point there will be an admin facility accessable by a web browser or application, please DO change the admin password from the default and use something obscure.

4. MAC Lmits - On some AP's you can limit access to the WiFi network via MAC addresses that you define. MAC addresses are the unique number assigned in hardware to every WiFi card. Most WiFi cards have these printed on the card itself or the packaging.

5. VPN - For ultimate security wrap all your WiFi traffic in VPN encryption. This is too much to explain here and a little complex for non tech home users.

6. Patch and Protect Your PC: As per a previous post you should have personal firewall software such as Zone Alarm Pro and anti-virus software installed on your computer. As important as installing the anti-virus software, you must keep it up to date. For Microsoft operating systems you can use Windows Update to try and help keep you current with patches.

Hope this helps with WiFi at home!

No comments: