Home Network Security Simplified
The steps in this chapter are really what most people need to keep their wireless network secure in all but the most extreme cases. The fact is that your SSID can be guessed or discovered, encryption schemes can be cracked (especially WEP), and MAC addresses can be spoofed (via a method called MAC address cloning); but this takes a great deal of skill, time, and money. If you want more protection than this, you can get it, but if you are still worried about wireless security, your best solution might be to stick with a wired network. One additional wireless security measure that you can take that has not yet been discussed is MAC address locking (often called MAC address filtering). Because each wireless card has a unique identifier called a MAC address, and we know what the MAC addresses are for all of our wireless cards, we could instruct the wireless router to only accept connections from our cards and no one else's. This is called MAC address locking. Turning on MAC address locking is not trivial and can be a bit of trouble. Remember, with every security measure enabled, you typically lose some flexibility. For example, with MAC address locking enabled, you need to change the configuration on the wireless router if you buy a new wireless card or device. Also, if you have visitors who want temporary Internet access, you would have to grant them access by adding their MAC address to the permission table. MAC address locking does provide an additional level of protection. If you want to enable it, see Appendix B, "MAC Address Locking for Wireless Security," which is located at http://www.ciscopress.com/1587201364. Click Appendix under "More Information." One final thought for those of you who are really paranoid. There is one way to make your network 100 percent hacker proof: Turn everything off! Going to bed for the night? Leaving town for the weekend? Turn your network off. If your wireless router and your broadband modem are on the same power strip, you can completely secure you network with the flip of a switch. This will not affect anything at all on your network (unless you are running a server, of course), and it gives you complete peace of mind while you are away from your network. Finally, do not forget to write down the information, including the SSID, WEP or WPA passphrase, WEP key, and so on. You will need these at some point when adding new devices or computers to your network. |