Wireless Security Tips For Your Shop or Home
10/28/2004 Mike Labbe www.getthepictureframing.com
If you use wireless networking technology in your shop, you may be a target for hackers or individuals who may want to harvest your customer and/or financial data.
I was surprised when I turned on my laptop one day, in the comfort of my living room, and found a list of 3 available networks. It turns out one was my network and the other two were neighbors on a different street. The individuals left their wireless equipment with the default settings and were broadcasting their shared drives and printers to the entire neighborhood. The neighbors were equally surprised when I brought it to their attention.
This scenario is very common. In fact, as many as 80% of all wireless networks are easy prey because they have absolutely no security and the default factory settings were never changed. I personally think this is a serious problem, because it allows strangers full access to use your internet feed for illegal purposes. (liability) It also allows full access to copy or erase the contents of shared network drives, such as your POS database or customer list.
Security precautions to take if you have wireless deployed in your shop or home:
-
Enable wireless security/encryption and assign a key. (
MOST important) This is a setting in the router. I suggest choosing the newer 'WPA2' encryption. It will then let you assign an access "key" (password). In order to use your network, each PC will be prompted for this secret key one time. This is perhaps the most important precaution to take when securing your network, to keep unauthorized folks out.
Note: It is best
NOT to use 'WEP' encryption. This older encryption method has been broken, and it would take a hacker less than a few minutes to break through this layer of security. There are various free utilities out there which claim to break through this layer of security in "6 to 30 seconds".
-
Change the default password on your router. This will prevent customers, employees, or hackers from removing security that is already in place (firewall, encryption, etc). What if someone posing to view your art database was actually logged in to your router, removing security so they could later come back at night with a laptop and harvest your entire customer base and pricing data from the parking lot/car?
-
Upgrade the firmware in your router. All router manufacturers periodically upgrade the software in the routers, and it's upgraded in about a minute through their web page. These important updates are released to improve performance and fix security problems. (
http://www.linksys.com/download/ http://kbserver.netgear.com/main.asp http://www.dlink.com )
-
Change the default SSID name of the router and turn SSID broadcasting OFF. (less important) When a hacker sees "NETGEAR" or "LINKSYS" broadcasted, they assume you didn't care enough to set it up properly - and probably have lax security. In addition, it can get confusing if there are multiple networks in range with the same name. Select a unique name. Turning off the SSID broadcasting will discourage most accidental connections, although there are utilities out there to find networks even with this option turned off.
-
Enable the "Wireless Mac Filter" option in your router, and enter all of your machines in the table as the only machines permitted to access your network. (less important) MAC means "Media Access Control address", not to be confused with Apple Mac computers. Each computer on your network will have a unique 12 digit MAC address. Although there are hacking utilities out there to monitor wireless packets and "spoof" a known mac address, it's unlikely that a novice would get around this security block - especially when combined with the other suggestions in this article.
I suggest trying these improvements from a machine that is HARDWIRED to your router, so you don't accidentally lock yourself out during the configuration.
The best way to secure your network and have the fastest performance is with a traditional hard wired approach. While wireless is ok for internet access, it's not very good when using a POS system or database that requires higher bandwidth to communicate with your server. Wireless networks are susceptible to interference from other nearby networks, microwave ovens, garage door openers, cordless telephones, rc toys, etc. Such interference can cause disconnections, slow speed, or file corruption.
Wireless technology is easily hacked, and there's no single way to secure it properly. The best way to minimize problems is to use a multi-prong approach that includes changing the router's default password, upgrading the router's firmware, adding WPA2 security with an encryption key, putting passwords on shared drives, turn off the SSID broadcast flag, and turn on MAC FILTERING in your router so it will only communicate with a list of known computers.
=========