Secure a WiFi network
Anyone with a quality Internet connection who uses a WiFi network to
broadcast it always runs the risk that someone is going to steal their
internet using one of the many hacking and piggybacking tools available
freely from the net.
So, what do you do if you want to be able to keep that bloody expensive
connection all to yourself. I'll discuss some solutions for varying
levels of network size and security, and you can pick which one works
best for you.
An easy one is to set a network password. Wireless keys simply block
easy access unless you enter in the right password. Of course, like any
password, this can be cracked with some freeware and a bit of computer
smarts, but it's quick, easy and will deter the local neighborhood kids.
Make sure you choose WPA, not WEP, since WEP is so stupidly easy to
crack it's not even worth it. When you choose a key, my best suggestion
is this : make it completely random. Basically, start punching your
keyboard and keypad until you have a satisfyingly long and complex
combination of letters and numbers that nobody could ever guess it.
Write it down somewhere safe, and then bid good luck to anyone who tries
to crack it.
Try using either WPA as above, or if you want to get more into it, you
can choose WPA2 Enterprise, which requires a username and password. Of
course, you're going to need some pretty serious server architecture on
the server-side but it's very strong. You can even specify groups for
users and limit access to connections or network resources by which
groups your users belong to. This means you can even grant access to
your network without endangering your internet, or the other way around.
For this, you are probably best running Windows Server possibly with
ActiveDirectory on your server and set it up between you router and your
server from there.
If you want to get really serious, you can take it to the next level.
Use WPA2 Enterprise, requiring a username and password, but then also
require certificate authentication. For this, you will again need a lot
of server-side work to make it reliable and functional, but it could be
worth it. This way, you can control who logs onto your network, and from
where/what. Create a network certificate (I won't go into the details
here) and specify any details you need, then distribute it to the
clients you want to connect. I find the easiest way of doing this is to
drop it onto a small-capacity USB drive and share that around,
installing the certificate as you go. I've also heard of people
programming incredibly intricate certificates with full call-home
procedures to ensure security, which you can try if you're feeling a bit
weird. Of course, then, you will need to configure your network to
accept logins and then to check the certificate and you need to set up
every client computer's network settings to submit it's certificate. But
of course, by this time, there is just about nothing on the outside
which could easily get in.
So, if you implement any of these, (or all of them, as I've seen before,
with varying degrees of success) you should find that your connection
is pretty secure from all those outside intruders and you're safe to
stream, torrent and generally throw yourself about on the interwebs with
a bit more confidence...
on Jul 27, 2010 | PC Desktops