I’m sitting in front of my laptop in a hotel room in California and decided to see if I had any kind of wireless network available to me. I turn on my wireless network adapter and low and behold NetStumbler picked up three wireless networks. One of these networks had no kind of wireless security whatsoever. The next thing I knew was that I was surfing the web and hitting up chat rooms on a wireless network with “very low” signal strength. I spent a week out in California surfing the Internet for free.

I get home and decided that I enjoyed surfing the Internet so much from anywhere inside or outside of my hotel room that I was going to get a wireless access point (WAP). Not that I needed one though. When I turned on the wireless network adapter in my apartment NetStumbler picked up four wireless networks with one being totally wide open. That wide-open wireless access point was a Linksys 802.11b device. Being that it was Linksys I attempted to login to it and had no problem using the default Linksys password (admin). From there I could have totally owned that device.

When I purchased my Linksys wireless access point my very first concern was wireless security. Not only is the wireless access point an easy way into the network but my WAP was going to sit behind my firewall until I can get my hands on a decent Cisco router.

So after the initial setup of the WAP I started the bastion process. My first concern was WEP. I setup a hard to crack key on the wireless access point and then copied that key over to the laptop.

WEP is very easy to break though. With a copy of KNOPPIX you can be on your way to cracking the longest and most complex WEP encryption strings. KNOPPIX is a Linux distribution that boots and runs off a CD and comes with WEP cracking software like, WEPcrack.

I continued the bastion process with MAC address filtering. I nabbed the MAC address off the laptop with a simple ipconfig /all and copied that into the wireless access point. Applied the settings and boom my MAC address was the only address to be allowed on the WAP.

We all know that it is very easy to spoof a MAC address so I continued hardening the security on the WAP. The next thing to do was to change the default SSID. I setup the SSID for the WAP to be a very long string of identifying but not common words. What good does that do you might ask? Probably the biggest thing when it comes to securing a wireless device is to turn off the broadcasting of the SSID. If you’re not broadcasting your SSID it becomes more difficult to detect let alone hack into a wireless network. When you don’t broadcast your SSID and combine that with an unusual SSID string, WEP encryption, and MAC address filtering you’ll have a fairly secure wireless device. Of course wireless security is somewhat of an oxymoron but using the measures I’ve taken makes jumping on my wireless network quite a chore.

The last thing I did was to change the default password for the WAP itself. You should never keep the default password for any device.

Insecure wireless networks are one thing but wide-open wireless networks are another thing completely. Any number of hackers, spammers, or all around bad guys can use an insecure network to cause all kinds of havoc at your expense.

These steps I took to secure my wireless network are all very simple and were easily done. These security measures can go a long way and take very little time to implement. This WAP bastion process can save you as well as numerous other people on Internet a big headache later.