See part I for the beginning of this article.
Enable MAC address filtering - Media Access Control (MAC) address is a hardware address that is unique to every network device. Addressing a computer on a network is actually two parts. The first part is the IP address, which is the Internet Protocol address. This would be an address such as 192.168.0.1. This allows a packet to find the correct network. Then, once on the correct network, the IP address has a MAC address associated with it. As long as an IP address and the MAC address match, the computer can receive a packet address to it. What MAC address filtering does is say to the router, "I will give you the MAC addresses of the devices that I want to allow access to the network." Only those devices reporting the specified MAC addresses are allowed access to the network. This prevents another computer from accessing the network, because when it reports its MAC address it will not be recognized by the router and will not be able to send or receive data packets.
Disable SSID broadcast - Routers will broadcast the SSID so that devices on the network will know what WLAN they are trying to access. If you set the SSID in the device and in the router, there is no need to broadcast this information. Furthermore, by broadcasting this information, it gives a would-be intruder the name and therefore possible access to your connection. As another part of the SSID broadcast and containment, there is an option available to allow the router to not accept the "any" SSID. This feature should be turned off, as well. Now, there is a type of router known as ORiNOCO and Apple's airport that don't call it SSID. Instead, you need to look for the "closed network" feature. By turning on the closed network feature, it disables broadcast of the SSID. The closed network feature also disables the "any" SSID feature, as well.
Use static IP addresses - Most routers default to Dynamic Host Configuration Protocol (DHCP). This feature allows IP addresses to be assigned to the devices by the router. While this is a very handy feature, on a wireless network it can potentially be dangerous. If everything else fails such as MAC address filtering and encryption, an attacker is given an IP address from which they can initiate an attack. The better thing to do is to disable this feature. Every device should have the feature disabled and addresses assigned to them. There are several address ranges that can be used for private networks such as 192.168.0.x or 10.0.0.x. Essentially, you want to pick a range and then assign an address for each device. Furthermore, you want to limit the allowed addresses on the router to only those addresses you have assigned. This in itself is not very secure; after all, there is IP spoofing and even MAC address spoofing. What this means is modifying data packets so that they carry the right addresses with them. The result here is to add multiple layers of protection onto your wireless connection so that it is most difficult for an attacker to gain access to your network.
Go To Page: 1 2
