The ABCs of securing your wireless networkMay 4, 2008 – 9:26 AM
Ars Technica’s original Wireless Security Blackpaper was first published back in 2002, and in the intervening years, it has been a great reference for getting the technical lowdown on different wireless security protocols. As a sequel to the original blackpaper, we wanted to do something a little more basic and practical, because the number of devices with 802.11x support has greatly expanded since 2002. Wireless security is no longer the domain of geeks and system administrators, but is now an issue in the lives of everyday users, from the worker with a home office who wants to keep sensitive files secure to the homemaker who wants to avoid an RIAA lawsuit because the teen next door is a wireless-leeching P2P addict.
In this practical introduction to the basics of securing your home wireless network, we’ll cover the important, high-level points that ordinary users need to know in order to secure a network of game consoles, phones, and PCs. Along the way, we’ll also recap some of the relevant information from the original wireless blackpaper, which I recommend if you want to pursue the topic further. So look through the guide, and if you’re already technically savvy then send it along to your uncle or your sister-in-law, and you may get one less phone call when it comes time for them to set up their new WLAN.
Note: This short guide will focus on securing 802.11g/802.11 draft-n routers, since these are the two most common types on the market today. Most of the information we’ll present should be applicable to older 802.11b or even 802.11a routers as well, assuming that your device’s manufacturer provided appropriate firmware updates.
First things first
The first thing to understand about wireless security is that by default, you have none. The router you buy from Newegg or Best Buy is going to come preconfigured for open access, which means that all of your neighbors can hop on and begin snarfing up MP3s with your bandwidth. This makes the router easier to set up—on a modern OS, you shouldn’t have to do much more than plug in both adapter and router—but it leaves the wireless access point (WAP) completely open to attack. Most manufacturers use a simple login/password combination, and such information is easily available online.
The first step to securing any wireless network, therefore, is to change the default router password. Most manufacturers set the default password to something along the lines of “admin,” “password,” or “changeme,” and the router IP address is almost always a simple variation on 192.168.x.1, where x = 0, 1, or 15. A nonstandard, strong password is no substitute for actual encryption, but it’s a step in the right direction. The next step should be to check for a firmware update for your router, particularly if it’s an older model. Many routers that didn’t support more advanced security settings (i.e., WPA, which I’ll describe later) had such support added via later firmware updates.