The philosophy of security is to strike the delicate balance between cost of protection and usability. Making something very secure is very expensive, but making something very usable means that the bad guys can use it.
The same philosophy goes for a hacker attack - the cost of the attack should always be less then the value of the prize.
Here are 5 rules that maintain a very reasonable level of usefulness of a home Wi-Fi network, while increasing the cost of an attack to the hacker beyond the value of the prize.
- Always choose a non-default non-broadcasting SSID - this will not stop a more efficient attacker, but it will avoid a good number of script-kiddies). A good name is one which contains both letters and numbers, and cannot be deducted from the personal info of owner of the network.
- Always set-up the strongest possible encryption - Choosing the strongest encryption available is always a strong attack mitigating factor. For home users with 802.11b/g LANs, at the moment it is WPA2 Encryption.
- Maintain password complexity and change it often - Always set-up a complex password to WPA2, at least 8 characters long, containing at minimum characters and numbers that cannot be deducted from the personal info of owner of the network. Make a habit of changing it at least once every three months.
- Maintain minimal possible range of the Wi-Fi signal - If the Wi-Fi device permits it, reduce the Wi-Fi radio signal strength to the minimal useful strength - if someone needs to stand in your front porch in order to hack in your Wi-Fi network, they will most probably go elsewhere.
- Treat the Wi-Fi network as hostile - Maintain an active personal firewall on all computers accessing this network as if they will be accessing a open Hot Spot. If not using the network, deactivate the Wi-Fi radio on the computers.
WPA and WPA2
Talk back and comments are most welcome