5 Rules to Home Wi-Fi Security

The philosophy of security is to strike the delicate balance between cost of protection and usability. Making something very secure is very expensive, but making something very usable means that the bad guys can use it.
The same philosophy goes for a hacker attack - the cost of the attack should always be less then the value of the prize.

Here are 5 rules that maintain a very reasonable level of usefulness of a home Wi-Fi network, while increasing the cost of an attack to the hacker beyond the value of the prize.

  1. Always choose a non-default non-broadcasting SSID - this will not stop a more efficient attacker, but it will avoid a good number of script-kiddies). A good name is one which contains both letters and numbers, and cannot be deducted from the personal info of owner of the network.
  2. Always set-up the strongest possible encryption - Choosing the strongest encryption available is always a strong attack mitigating factor. For home users with 802.11b/g LANs, at the moment it is WPA2 Encryption.
  3. Maintain password complexity and change it often - Always set-up a complex password to WPA2, at least 8 characters long, containing at minimum characters and numbers that cannot be deducted from the personal info of owner of the network. Make a habit of changing it at least once every three months.
  4. Maintain minimal possible range of the Wi-Fi signal - If the Wi-Fi device permits it, reduce the Wi-Fi radio signal strength to the minimal useful strength - if someone needs to stand in your front porch in order to hack in your Wi-Fi network, they will most probably go elsewhere.
  5. Treat the Wi-Fi network as hostile - Maintain an active personal firewall on all computers accessing this network as if they will be accessing a open Hot Spot. If not using the network, deactivate the Wi-Fi radio on the computers.
NOTE: The value of the prize is a very relative item. While these rules are quite effective for a home network, without any business or highly valuable data, they are not at all effective for securing a corporate Wi-Fi network. For these networks, the value of the prize still is by far greater then the costs and risks needed to overcome the obstacles presented in this post.

Further reading
WPA and WPA2
Password Strength

Talk back and comments are most welcome

3 comments:

DoFollow Blog said...

Nice articles, thanks for share :)

WiFi Bulk said...

That's a good post. Hope you share more thing about Wi-Fi.

id said...

While you have some very good "rules" here, I strongly disagree with parts of your first rule. It is a good idea to pick something for an SSID that does not readily identify your home as the owner of that network and to not use the default one. Lengthy or alphanumeric combinations for an SSID do nothing for security (save it for your wireless encryption key) and not broadcasting the SSID is as beneficial as MAC address filtering (in other words, not at ALL). Not broadcasting your SSID will cause you more much more grief than the negligible security benefits it provides.

Designed by Posicionamiento Web