How to restrict wireless access

Secure your wi-fi network.

I like the idea of keeping a Wi-Fi network open so visitors can be welcomed into the warm Internet like Elijah to a seder. But for your business, you'll likely want restrict access as much as possible to minimize the risk of stolen data. A Wi-Fi network without a password sends information in-the-clear, meaning that anyone nearby can read it. Here are several ways to close your network's windows to keep pests out.

Hide the SSID. The first, simplest step to keep people off your network is to make it vanish like Lost Island. Connect to your Wi-Fi router's settings page, and visit the wireless settings. Set it to hide your SSID broadcast. When connecting a client, you'll have to manually type the SSID. But since the network isn't listed for you, it won't be listed for casual eavesdroppers either. Still, be aware that it's easy to find hidden networks with a few more steps, so this will only stop casual bandwidth opportunists.

Set a password. If your network is open--it doesn't require a password--all of the data flying through the air is just like shouting across a party. Anyone who wants to listen can hear your conversation. Encrypt the transfer with a password, scrambling the data. The several common methods of encryption perform differently. WEP is the weakest and most easily cracked by a hacker. Avoid it unless it's your only option. WPA provides better protection, but WPA2 is ideal for most simple networks. Add that security in the router settings, likely WPA2 Personal if your small business uses consumer hardware.

Filter by MAC address. And you can allow only known wireless clients into your network by referencing a table of unique MAC addresses. While this identifier can be faked, it's generally a single ID assigned to network-connected hardware at the factory. Connect the wireless client to the router like you normally would, and visit the router's list of clients. The MAC address should be listed there. Copy the address, and open the MAC filter list configuration page. Add each client, then activate filtering, so only devices with those known MAC addresses can connect. Remember to include mobile phones, wireless music players, or any other Wi-Fi hardware beyond laptops.

Tags network securityWi-Fi

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zack Stern

PC World (US online)

2 Comments

Chris

1

This is horrible advice

MAC addresses are unencrypted on every packet sent over a wireless network. There are several tools that let you spoof MAC addresses. All someone has to do is listen into the packets being sent over the air in order to determine a MAC that is accepted on the router.

The SSID was never designed to be hidden, and therefore won't provide your network with any kind of protection if you try to hide it. It's a violation of the 802.11 specification to keep your SSID hidden; the 802.11i specification amendment (which defines WPA2, discussed later) even states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. And, even if you think your SSID is hidden, it really isn't.

Zack, it concerns me that you are giving this type of advice when you don't seem to know what you are talking about. You don't have to take my word on this, do some simple security reaseach.

DharmaKing

2

Thumbs up!

In addition to the advice given by Zack, I'd also recommend disabling DHCP and incorporate a little subnetting.

--DharmaKing

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?