When attempting to set up a wireless network, there are few things to keep in mind. This is a high level overview of the different parts of a wireless network. Trying to cover all the details about how to set up the network for each router would take more than this post. Instead I will cover the network details and security considerations, and more importantly how wireless is not entirely secure. This does not cover all the different networking considerations in detail, but is more aimed as a starting point for learning about wireless networking.

The first thing to consider is the network name or Service Set identifier (SSID). The SSID is what identifies the wireless network and how the computer will find it. For security purposes you can choose to not broadcast your SSID. Though this does hide your SSID from your neighbors, your computer will broadcast the SSID when it attempts to find the network and this lets everyone know that you have a network with that SSID.

The next consideration is the type of encryption to use, Wi-Fi Protected Access (WEP), Wi-Fi Protected Access (WPA), or WPA2. WPA2 should be used were possible and most wireless network devices now support this encryption protocol. WEP and WPA-PSK both have known security vulnerabilities that should be avoided where possible. Even WPA2-PSK is susectiple to a brute force attack.

The second part of the encryption setup is to select an algorithm. Temporal Key Integrity Protocol (TKIP) has known vulnerabilities and can be broken so it should be avoided at all costs. Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government and is the algorithm that should be used.

One can also filter out devices based on their Media Access Control (MAC) address. A MAC address is the way a device identifies itself before it is assigned an IP. It consists of six groups of two hexadecimal digits, call octets. The first three octets usually identify the organization and the remaining three identify the device. This means that devices can and will have duplicate MAC addresses with other devices. Also most devices can change their MAC address, to workaround having two devices with the same MAC address. Also, your device broadcasts its MAC address when it first comes online in order to get an IP from the DHCP server. This will allow someone to get your MAC address.

So a nefarious person can easily get your MAC address and SSID and then launch an attack against your password with a brute force attack. However, it might be a bit painful and is more likely security through obfuscation, in this case some security is better than no security. Personally, I suggest hiding your SSID, use WPA2 with a large network key, and use a MAC filter. This should keep out most people, but a dedicated attacker will more than likely get into your network.

Reference:
Advanced Encryption Standard
MAC address
Service set (802.11 network)
Temporal Key Integrity Protocol
Wired Equivalent Privacy
Wi-Fi Protected Access

Leave a Reply

You must be logged in to post a comment.