Feb 12, 2003

* In my last entry, I mentioned that I was configuring a wireless access point (actually the piece of equipment is a wireless “router”, but I’ve configured it as an access point) to be able to roam about the house with my laptop still connected (albeit wirelessly) to the network. What’s the first thing anybody does when they get their wireless connection working? Right! I ran around the house with my laptop in hand, checking my signal strength. (Okay, I didn’t exactly run; more like I walked quite cautiously with the laptop.) I was a bit surprised to see how well the signal propagated throughout the house. Not a single dead spot! The signal was excellent even out on the back porch. Now, I have not positioned the access point to optimally broadcast a full lobe in all directions; in fact, it is in the basement against a concrete wall, situated about five feet below ground level. At this point I figured it might be a good time to see just how far the signal propagated at a level that allowed network connectivity. I quickly configured the laptop and wireless card to monitor the entire range of spectrum covered by the 802.11b range (with the help of some excellent and widely available open source tools). I set the laptop on the passenger seat of the van and drove around the neighborhood. At this point I was truly shocked to see that my signal was available from as far as five houses away. The other thing that I found quite surprising was the number of other access points I was able to locate merely by driving a few blocks.

Several of these other access points were still set to their default configurations, thereby allowing just about anyone to utilize their internet connection. So, as an FYI, here are a couple of recommendations that every wireless access point user needs to remember:
o Change the SSID, but don’t change it to personal information like, say, your address or your last name.
o Enable WEP to encrypt your connection, but don’t rely on it to protect you, because it won’t. If you buy your sweetie a gift over the web, and you use your credit card, that number can very easily be grabbed, and the level of encryption utilized by most wireless routers is quite easy to defeat.
o Disable DHCP. This is the mechanism that allows the router to indiscriminately hand out connections to just about anyone who wants one, including encrypted connections. Choose a non-standard subnet and assign a static IP to your laptop or desktop. Sure, DHCP makes connecting easier, but not just easier for you: easier for anyone driving by.
o Last, but not least, enable MAC address filtering. This tells the router to only accept connections from a specific network card (each card has a unique, identifying address that is separate from the assigned IP). The drawback is that if your network card goes bad and needs to be replaced, you need to have an alternate method of connecting to the router to change the list of acceptable MAC addresses.
Like everything else, even a MAC address can be faked, so take this all with a grain of salt… These steps will NOT, I repeat WILL NOT guarantee that your network won’t be compromised, but these steps will make it more difficult for your assets to be abused. Comments? Corrections? Please add them below!
Entered at 16:54PM
