Archived Posts from “Tutorials”

13 Steps to Secure Your Wireless Network

10 August

Many have installed a wireless network in their homes. The freedom from tangled cables is sweet but comes with a price. A wireless network can broadcast far outside your building. With a powerful antenna and some widely available hacking software, anyone sitting near your installation—or even driving by—can passively scan all the data flowing in your network. Keeping your wireless network secure is no small task, but there are precautions you can take to secure your network as much as possible.

Alternatively, if you’d rather have some fun with those stealing your bandwidth - read this.

The following are some steps you can take to lock down your AP (access point) and make your wireless network more secure.

  1. Admin users and passwords - Many people don’t bother changing the default admin username and password. This makes your system an easy target. Change the default username and password, and use an extremely long, random password consisting of letters, numbers and symbols.
  2. Encryption - Every computer on your network should be configured with the best security in mind. Make sure that all networking devices support the latest and most secure encryption standards. Look for devices that support WPA or WPA-2, or at least use 128-bit WEP. 64-bit WEP is insecure and has been exploited as far back as 2001. If you use WEP encryption, change your encryption key once a month. If someone manages to learn your key, they will be locked out again when you change it.
  3. Disable SSID Broadcast - Change the default Service Set Identifier (SSID) for your access point. If you have to broadcast an SSID, use something less generic than a default such as ‘linksys’. Don’t use anything obvious like your name or phone number. You’re probably better off disabling SSID broadcast altogether.
  4. Filter MAC addresses - If only a handful of people need wireless access, allow only the authorized MAC addresses that you have identified to access your network. MAC addresses can be spoofed, but it takes more effort for someone to spoof one of your MAC addresses.
  5. Limit IP address assignment - Limit the number of IPs that should connect to your network. If you don’t have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have.
  6. Upgrade/Updates - Always make sure you have the latest firmware recommended by the vendor. Sometimes exploits come out that target devices with older firmware.
  7. Disable DHCP - The presence of DHCP is one of the major reasons why wireless networks are so insecure. Any computer that is able to communicate with your router will receive an IP address automatically, and this address will put it on the same network as all of your systems, enabling it to instantly access any unprotected resources on your network such as shares. Therefore, disable DHCP and use static IP assignment to make your network a bit more secure.
  8. Do Not Auto-Connect to Open Wi-Fi Networks - Don’t connect to unprotected wireless networks—it’s possible for someone to monitor your Internet usage and even record your passwords. If you do connect to an unprotected wireless network, don’t visit a Web site that requires a password unless the Web site is encrypted. To find out if it’s encrypted, look for a lock symbol in the lower-right corner of your browser.
  9. Enable Firewall - Modern routers contain built-in firewall capability, but the option exists to disable them. Ensure that your router’s firewall is turned on. Additionally, consider installing and running personal firewall software on each computer connected to the router for extra protection.
  10. Position the Router or Access Point Safely - Wi-Fi signals normally reach to the exterior of a home. A small amount of “leakage” outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
  11. Turn Off the Network - Shutting down the network will most certainly prevent outside hackers from breaking in. If you’re taking a long vacation or are not going to be home for some time, consider turning it off.
  12. Use RADIUS - Installing a RADIUS server provides another authentication method. The servers tend to be expensive, but there are open-source options, such as FreeRADIUS (www.freeradius.org), for UNIX-savvy administrators.
  13. Disable remote administration - Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router. Otherwise, almost anyone anywhere could potentially find and access your router. As a rule, unless you absolutely need this capability, it’s best to keep remote administration turned off.
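Steps 4, 5 and 7 can be checked from any Linux machine on the network. The following is an added example, not part of the original post: it compares neighbour-table output in the format printed by `ip neigh show` against a list of authorized MAC addresses. The allowlist, the sample table and the function names are constructed for illustration.

```python
import re

# Constructed allowlist of authorized devices (step 4); any notation is accepted.
AUTHORIZED = {"00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "001a.2b3c.4d60"}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.20 dev wlan0 lladdr 00:1a:2b:3c:4d:5f STALE
192.168.1.37 dev wlan0 lladdr 3c:22:fb:10:9a:01 REACHABLE
192.168.1.41 dev wlan0 lladdr 00:1a:2b:3c:4d:5f REACHABLE
192.168.1.52 dev wlan0 lladdr 8a:11:22:33:44:55 DELAY
192.168.1.60 dev wlan0  FAILED
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a software-assigned (not vendor) address."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit_neighbors(neigh_output, authorized):
    """Return findings: unknown MACs and authorized MACs seen on several IPs."""
    allowed = {normalize_mac(m) for m in authorized}
    seen = {}  # mac -> set of IPs it answered for
    for line in neigh_output.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if not m:  # FAILED/INCOMPLETE entries carry no lladdr
            continue
        seen.setdefault(normalize_mac(m.group(2)), set()).add(m.group(1))
    findings = []
    for mac, ips in sorted(seen.items()):
        if mac not in allowed:
            kind = "unknown-local" if is_locally_administered(mac) else "unknown"
            findings.append((kind, mac, sorted(ips)))
        elif len(ips) > 1:
            # Same authorized MAC answering for two IPs: possible spoofed clone.
            findings.append(("duplicate", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for kind, mac, ips in audit_neighbors(SAMPLE_NEIGH, AUTHORIZED):
        print(f"{kind:14} {mac}  {', '.join(ips)}")
```

A "duplicate" finding is a prompt to look closer, since a filter keyed on MAC addresses cannot tell the authorized device from a machine that has copied its address.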

There are many other precautions you can take to make your wireless network and internet browsing secure. The most important thing to remember is that you’re never 100% secure, but you can always stay on top of the latest techniques used by hackers against wireless networking. Read my previous article Linux Wireless Network Detectors and Sniffers and put the steps you’ve implemented above to the test. It would be interesting to test before implementing the steps above and then retest after you’ve implemented them all. You’ll be amazed how much more secure your network is now.


Linux Wireless Network Detectors and Sniffers

02 August

The following is a list of open source sniffer applications that can be used to tap into your wireless network. You can sniff from the building opposite, from the floor above or below you, or from down the road. Basically, anywhere you can pick up a signal, you can sniff. Keeping your wireless network secure is no small task, but there are precautions you can take to secure your network as much as possible. The first half of this article lists numerous wireless network detectors and sniffers, and the second half provides some tips on how to best secure your wireless network.

  1. Tcpdump - a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Probably the most powerful network tool available to date.
  2. Ethereal - a network traffic analyzer, or “sniffer”, for Unix and Unix-like operating systems.
  3. Kismet - an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.
  4. RogueScanner - a network security tool for automatically discovering rogue wireless access points by scanning a wired network. In addition to finding access points, it will classify all discovered network devices.
  5. Wlandscape - a software tool to collect and visualize information about wireless networks. It can display several kinds of data, such as their expansion, signal strength and status. The individual wireless networks are displayed on a topographical map.
  6. Wavemon - ncurses-based monitoring application for wireless network devices.
  7. Hotspotter - passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.
  8. Wellenreiter - a wireless network discovery and auditing tool. Prism2, Lucent, and Cisco based cards are supported. It is one of the easiest to use Linux wireless scanning tools available.
  9. SSIDsniff - A nifty tool to use when looking to discover access points and save captured traffic.
  10. Mognet - wireless ethernet sniffer/analyzer written in Java. Currently being rewritten in C++. It was designed with handheld devices like the iPaq in mind, but will run just as well on a desktop or laptop.
  11. WiFiScanner - Just another passive 802.11b scanner. It can dump traffic in realtime (like tcpdump) and you can change the sniffed channel interactively.
  12. Airfart - a wireless tool created to detect wireless devices, calculate their signal strengths, and present them to the user in an easy-to-understand fashion.
  13. Airsnarf - a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Airsnarf was developed and released to demonstrate an inherent vulnerability of public 802.11b hotspots–snarfing usernames and passwords by confusing users with DNS and HTTP redirects from a competing AP.
  14. AirTraf - wireless sniffer that can detect and determine exactly what is being transmitted over 802.11 wireless networks. This open-source program tracks and identifies legitimate and rogue access points, keeps performance statistics on a by-user and by-protocol basis, measures the signal strength of network components, and more.
  15. Driftnet - a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic. In an experimental enhancement, driftnet now picks out MPEG audio streams from network traffic and tries to play them.

Every computer on your network should be configured with the best security in mind. Make sure that all networking devices support the latest and most secure encryption standards. Encryption is the number one defense against someone tapping in and sniffing your network. Look for devices that support WPA or WPA-2 and use an extremely long, random password consisting of letters, numbers and symbols. In the second half of this article, I will provide additional steps you can take to better secure your wireless network.

Firstly, if you’re worried someone is snooping around your network then encrypt your browsing. Type the following in your terminal:

ssh -ND 1500 localhost

and when prompted for a password, enter your local password. If you’re using Firefox, go to Tools -> Options -> Advanced -> Network -> Settings and click on the radio button Manual Proxy Configuration. In the SOCKS field, enter localhost and port 1500. Save all settings. From this point on, all your browser activity is encrypted via the SSH tunnel. The tunnel encrypts traffic only between your computer and the SSH server named in the command, so the protection on the wireless link depends on where that server sits. This is the easiest and most basic way of increasing security when browsing.

Second, use 128-bit WEP or WPA/WPA-2 encryption and an extremely long, random password consisting of letters, numbers and symbols for your access point. Do not broadcast your SSID. Keep it to yourself.

Third, limit access rights with MAC filtering. Allow only the MAC addresses that you have identified to access your network.

Fourth, limit the number of IPs that can connect to your network. If you don’t have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have.

Fifth, disable remote administration of your access point.

Lastly, and most critically: if your router has a built-in firewall, use it. If it doesn’t, then use one on your network and on the devices that are attached to it.

There are many more things you can do to further secure your network. The most important thing is staying alert and keeping up with the latest security articles and news.


Share, reuse, and remix — legally…

28 July

Creative Commons provides free tools that let authors, scientists, artists, and educators easily mark their creative work with the freedoms they want it to carry. You can use CC to change your copyright terms from “All Rights Reserved” to “Some Rights Reserved.”

Creative Commons helps you publish your work online while letting others know exactly what they can and can’t do with your work.

View an explanation of all licenses or license your work.


Switch to Static IP on Ubuntu Server

10 July

I wanted to set up my Ubuntu Web Server with a static IP address so that I could port-forward a few things. Trouble is, with only the command line it’s a little tricky to figure out exactly how to do it. Following are the steps I used.

sudo nano /etc/network/interfaces

Inside the file, you’ll see the following line:

iface eth1 inet dhcp

We want to switch from dhcp to a static IP address. Comment or delete that line, and then add the following to the file:

iface eth1 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1


1. This line states we want to use a static IP address.
2. The static IP address you want to use.
3. The subnet mask.
4. This is the IP address of my router which connects to the Internet.

Save the file and then restart the network settings:

sudo /etc/init.d/networking restart

Job done.
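A mistake in this file can leave a headless server unreachable after the restart, so it is worth checking the values first. The following is an added example, not part of the original post: it parses the stanza shown above and checks that the address and gateway agree with the netmask and that the address does not fall inside the router's DHCP pool. The pool range and the function names are assumptions made for illustration.

```python
import ipaddress

# The stanza from the post, embedded so the example runs offline.
STANZA = """\
iface eth1 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
"""

def parse_stanza(text):
    """Parse one `iface ... inet static` stanza into a dict of its options."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comment lines
            continue
        key, _, value = line.partition(" ")
        if key == "iface":
            name, family, method = value.split()
            opts.update(iface=name, family=family, method=method)
        else:
            opts[key] = value.strip()
    return opts

def check_static(opts, dhcp_pool=None):
    """Return a list of problems; an empty list means the stanza is consistent."""
    if opts.get("method") != "static":
        return ["method is not static"]
    problems = []
    net = ipaddress.ip_network(f"{opts['address']}/{opts['netmask']}", strict=False)
    addr = ipaddress.ip_address(opts["address"])
    gw = ipaddress.ip_address(opts["gateway"])
    if addr in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if gw == addr:
        problems.append("gateway equals the host address")
    if dhcp_pool:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        if first <= addr <= last:
            problems.append(f"address {addr} lies inside the DHCP pool")
    return problems

if __name__ == "__main__":
    # Assumed router DHCP pool, not stated in the post.
    print(check_static(parse_stanza(STANZA), ("192.168.1.100", "192.168.1.150")))
```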

