How to restrict wireless access
- — 06 December, 2008 10:34
I like the idea of keeping a Wi-Fi network open so visitors can be welcomed into the warm Internet like Elijah to a seder. But for your business, you'll likely want restrict access as much as possible to minimize the risk of stolen data. A Wi-Fi network without a password sends information in-the-clear, meaning that anyone nearby can read it. Here are several ways to close your network's windows to keep pests out.
Hide the SSID. The first, simplest step to keep people off your network is to make it vanish like Lost Island. Connect to your Wi-Fi router's settings page, and visit the wireless settings. Set it to hide your SSID broadcast. When connecting a client, you'll have to manually type the SSID. But since the network isn't listed for you, it won't be listed for casual eavesdroppers either. Still, be aware that it's easy to find hidden networks with a few more steps, so this will only stop casual bandwidth opportunists.
Set a password. If your network is open--it doesn't require a password--all of the data flying through the air is just like shouting across a party. Anyone who wants to listen can hear your conversation. Encrypt the transfer with a password, scrambling the data. The several common methods of encryption perform differently. WEP is the weakest and most easily cracked by a hacker. Avoid it unless it's your only option. WPA provides better protection, but WPA2 is ideal for most simple networks. Add that security in the router settings, likely WPA2 Personal if your small business uses consumer hardware.
Filter by MAC address. And you can allow only known wireless clients into your network by referencing a table of unique MAC addresses. While this identifier can be faked, it's generally a single ID assigned to network-connected hardware at the factory. Connect the wireless client to the router like you normally would, and visit the router's list of clients. The MAC address should be listed there. Copy the address, and open the MAC filter list configuration page. Add each client, then activate filtering, so only devices with those known MAC addresses can connect. Remember to include mobile phones, wireless music players, or any other Wi-Fi hardware beyond laptops.