|
It's extremely easy to ascertain is someone is using your Access Point.
Just check the association table. If any clients you don't recognize are "associated", then they are POSSIBLY using your wireless.
There are a number of steps you should undertake to secure a home WLAN anyway.
1) Change the default SSID
All Access Points come with a default SSID (think of it as a "name") out of the box. The SSID is used to identify the 'cell'. This default SSID should be changed. Use something that is relevant to you. This is NOT really adding any security, but is simply best practice.
2) - Disable SSID Broadcast
By default, your AP will probably "broadcast" the SSID. Effectively it is saying "Look everyone! Here I am! Come and connect to me!". This is fine for public hotspots etc, but you don't really want or need it for home deployments. Simply disable SSID broadcast if possible (some models may not support this). Again, this does not really improve security, but is considered best practice.
3) Enable WPA (or WEP in "worst case" scenario)
If your Access Point supports WPA (WiFi Protected Access), then you should definitely enable it. For home use, this will be in what is known as "WPA-PSK Mode". The PSK stands for Pre-Shared Key. This means you will need to define a phrase or "key" to be entered on both the Access Point and your clients. This is then used (in the background, so you don't hvae to worry about it) to automatically generate new WEP keys every so often.
When choosing a pre-shared key (sometimes known as a phrase, or pass-phrase, or key), the longer the better. Ideally you should use something at least 20 characters long and that mixes upper case, lower case and numeric characters. Something like "Idon7WnthacK3rz!" (I don't want hackers). This is JUST AN EXAMPLE, but you get the idea.
If your Access Point does NOT support WPA (an old model for example), then configure 128bit WEP on both your AP and client and change it regularly. This may be a pain, but it's worth the extra security.
4) Enable MAC address filters
If you Access Point supports it, enable MAC Address filtering. You will need to know the MAC address of your own computers and input them into a table on the Access Point. Effectively you are telling your Access Point to "only allow these devices" to associate.
5) If possible bring down transmit power
There's no reason to be blasting out your signal at 100mW if you don't need to. Why extend your radio cell into the neighbourhood if you only want to cover your living room? This may require a little experimentation, but it's worth it.
6) - Lock data rate
This may not be suitable, but many users lock their data rate at 11Mbs (for 802.11b) or 54Mbs (for 802.11a/g). This means you either connect at that high speed, but nothing lower. This means that the area covered by the cell is smaller and "tighter". Alternatively, step it down one level.
The more data rates you support (or "allow"), the "bigger" your cell and the more likely that devices far away can associate; ie, hackers across the road.
Once you follow all (or most) of the steps above you shall mitigate 99.99% of most hacking attacks; these tend to be opportunistic in any case.
Any more questions on WLANs or security related topics, let me know...
Mr Mephisto
|