01 June 2015

Basic Wireless Security


Since Wi-Fi transmits data over the air, it is much easier to intercept than data transmitted across a wire. Any mobile device can capture data sent across a wireless network. For instance, just look at the list of wireless networks that your phone can see right now. Your phone has the ability to read all of the data transmitted on those networks. It is also a good bet that some of that data is sensitive, such as banking or family photos. So with all of that data travelling through the air, how do we keep it private?

The best way of keeping your wireless data private is to use authentication and encryption. This is the process of encoding the data travelling through the air so that only authorized devices can access it. All modern wireless access points have the ability to use WPA2-AES to secure the network. This is the latest authentication and encryption protocol available for wireless networks and I highly recommend that it be used for home or small office networks. It requires a passphrase to be used in order to access the wireless network, so it is both secure and easy to remember. But like a password, you must choose something that is long and strong.

Now that we have encrypted the data and chosen an authentication method that keeps unwanted people off our network, let's look at some other things that can help with security. One of these is called MAC Filtering. MAC stands for Media Access Control, and is the hardware address for the wireless card in your device. You can make a list of all the MAC addresses for all of your devices in the wireless access point and, in theory, this will keep all other devices from even communicating with your network. In reality, it requires a lot of management and anyone with a protocol analyzer can still determine what MAC addresses are on your network. It is then a very simple process to spoof, or fake, a MAC address and gain access to the wireless network. This is only security through obscurity and is not real security at all. So if you choose to use MAC Filtering, remember that it is only one layer in your security strategy.

Remember all of the names that appeared on your phone at the beginning of this post when you searched for a wireless network? It's that simple to find a wireless access point. If you are trying to secure your network and it is that easy to find, should you even be broadcasting the fact that you have a wireless access point? Another layer of security that you can add is changing the SSID (name) of your access point, so that it is not the default and doesn't refer to your name or organization. An additional option is to disable the broadcasting altogether. However, once again, if someone has a protocol analyzer they can see the SSID when someone connects. Most modern wireless devices are also able to detect "hidden" networks. So applying this process is, again, security through obscurity, but it is one more layer that can be used with the techniques already mentioned.
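The passphrase and SSID advice above can be checked before a network is configured. This is an added example, not part of the original post: it derives the WPA2-Personal key the way the standard does (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 rounds) and flags a default SSID, an SSID that names the owner, or a weak passphrase. The default-SSID list, the `owner_terms` parameter, the finding names and the 80-bit threshold are assumptions made for illustration.

```python
import hashlib
import math
import string

# Constructed sample of factory-default SSIDs; extend it for your own hardware.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal master key (PBKDF2-HMAC-SHA1, 4096 rounds).

    The SSID is the salt, so the same passphrase yields a different key on
    every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def estimate_bits(passphrase: str) -> float:
    """Upper bound on entropy: length * log2(size of character classes used).

    Dictionary words and patterns score far lower in practice.
    """
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in passphrase) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in passphrase) else 0
    pool += 10 if any(c in string.digits for c in passphrase) else 0
    pool += 33 if any(not c.isalnum() for c in passphrase) else 0
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase: str, ssid: str, owner_terms=(), min_bits: float = 80.0) -> list:
    """Return findings for a planned network; an empty list means none."""
    wpa2_pmk(passphrase, ssid)  # raises ValueError if the pair is not valid for WPA2
    name = ssid.strip().lower()
    findings = []
    if name in DEFAULT_SSIDS:
        findings.append("ssid-default")
    if any(term.lower() in name for term in owner_terms):
        findings.append("ssid-identifies-owner")
    if estimate_bits(passphrase) < min_bits:
        findings.append("passphrase-weak")
    return findings

if __name__ == "__main__":
    print(audit("password", "linksys"))
    print(audit("correct horse battery staple 42", "Smith Family", ["smith"]))
```

Because the SSID salts the key, a default network name shared by many access points gives up that benefit, which is a stronger reason to change it than hiding it from the network list.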

Wireless networks have become very popular and standardized. They are easy and convenient to use, and we want to be sure that our data is protected. To do that, use the latest authentication and encryption protocol, choose a strong passphrase, and change the SSID to something unique. With these basic techniques you are well on your way to keeping your data safe and secure.

2 comments:

  1. Thank you so much for sharing this with us, it helps me a lot, really appreciated!