Microsoft KB Archive/309369

= How to Make Your 802.11b Wireless Home Network More Secure =

Article ID: 309369

Article Last Modified on 1/31/2007


APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition




This article was previously published under Q309369



== SUMMARY ==
Wireless networks can be vulnerable to a malicious outsider gaining access because of the default settings on some wireless hardware, the accessibility that wireless networks offer, and present encryption methods.

The concepts that are presented in this article are general suggestions, and may help make it more difficult for a malicious outsider to gain access to your wireless network. For more specific information about the implementation of these suggestions, see the documentation for your wireless network hardware or contact the hardware vendor.

The 802.11b standard permits Wired Equivalent Privacy (WEP) encryption. Depending on the manufacturer and the model of the network adapter and access point, there are two levels of WEP typically available: 64-bit encryption, based on a 40-bit encryption key and a 24-bit initialization vector, and 128-bit encryption, based on a 104-bit key and a 24-bit initialization vector. In addition to enabling WEP, there are other steps that you can take to make your home local area network (LAN) more secure.



== Making Your Wireless Home Network More Secure ==

 * Enable the highest level of WEP that your hardware provides. WEP provides some security and is effective in deterring casual attempts by outsiders to infiltrate your network. Most 802.11b certified products can use basic 64-bit WEP encryption. By default, however, 64-bit WEP encryption may be disabled.
 * Change the default Service Set Identifier (SSID) and passwords for your network devices. Access points and wireless routers ship from the manufacturer with a default SSID and default passwords that are the same on all devices made by that manufacturer. Leaving these at their defaults makes it easy for a malicious outsider to gain access.
 * Do not change the SSID or password to reflect your name, address, or anything that would be easy to guess. Use upper and lower case letters, numerals and symbols for the password, if the hardware supports this.
 * As you survey your home for access point deployment, think about locating the access point toward the center of your home instead of near the windows. Plan your coverage to radiate out to the windows, but not beyond. If the access points are located near the windows, a stronger signal will be radiated outside your home, making it easier for those outside the building to locate your network.
 * Take a notebook computer that is equipped with a wireless network adapter, go outside your home, and survey what range you get as you move around your property or neighborhood. You may be surprised how far the signal radiates. If you can connect from three or four houses away, so can someone else.
 * Some access points allow you to control access based on the media access control address of the network adapter trying to associate with it. If the media access control address of your adapter is not in the table of the access point, you will not associate with it. If your access point has this feature, enable it and add the media access control addresses of the network adapters you use.
 * If your access point is also a wireless router, think about assigning static IP addresses for your wireless adapters and turning off DHCP. Not automatically assigning IP addresses to clients who access the network makes it a little more difficult for an outsider to gain access. Also consider changing the IP subnet to a different subnet that does not route on the Internet. Many wireless routers default to the 192.168.1.0 network and use 192.168.1.1 as the default router.
 * Purchase access points and network adapters that support 128-bit WEP. Some products only support 64-bit (40-bit key) WEP, and are not as secure. Note that some adapters may only require a driver upgrade to attain 128-bit WEP capability.
 * Purchase an access point that has a flashable firmware. There are a number of security enhancements that are being developed, and you want to make sure that you can upgrade your access point as these become available.
 * Some products support additional security features that are either not defined by the 802.11b standard, or not mandated by the standard. Products that use a proprietary security method will only work with products from the same manufacturer, but can enhance the security of your network.
 * Use a combination of the previous suggestions.
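
The checklist above can be applied mechanically to the settings you have written down from your access point. The following Python sketch is an added example, not part of the original article or any Microsoft tool; the setting names (<code>wep_key_hex</code>, <code>max_wep_supported</code>, and so on), the default-SSID list, and both sample configurations are constructed for illustration.

```python
import ipaddress
import string

# Constructed placeholder list; fill it in from your own hardware's manual.
DEFAULT_SSIDS = {"default", "wireless", "vendor-default"}

def wep_level(key_hex):
    """Return the marketed WEP strength (64 or 128) for a hex key, else None."""
    if not all(c in string.hexdigits for c in key_hex):
        return None
    # Marketed strength = secret key bits + the 24-bit initialization vector.
    return {40: 64, 104: 128}.get(len(key_hex) * 4)

def audit(cfg, personal_terms=()):
    """Check a dict of access point settings against the article's suggestions."""
    findings = []
    level = wep_level(cfg.get("wep_key_hex", ""))
    if level is None:
        findings.append("WEP is disabled or the key is not a 40-bit or 104-bit hex key")
    elif level < cfg.get("max_wep_supported", 128):
        findings.append("WEP is set below the highest level the hardware provides")
    ssid, pw = cfg.get("ssid", ""), cfg.get("admin_password", "")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("SSID is still a factory default")
    for term in personal_terms:  # names, street address, and similar
        if term and term.lower() in (ssid + " " + pw).lower():
            findings.append("SSID or password reflects a personal detail: " + term)
    classes = [str.isupper, str.islower, str.isdigit,
               lambda c: c in string.punctuation]
    if not all(any(f(c) for c in pw) for f in classes):
        findings.append("Password does not mix upper case, lower case, numerals and symbols")
    if not cfg.get("mac_filter_enabled"):
        findings.append("MAC address filtering is off")
    if cfg.get("dhcp_enabled"):
        findings.append("DHCP is on; consider static IP addresses")
    net = ipaddress.ip_network(cfg.get("subnet", "192.168.1.0/24"))
    if not net.is_private:
        findings.append("Subnet is routable on the Internet")
    elif net == ipaddress.ip_network("192.168.1.0/24"):
        findings.append("Subnet is the common 192.168.1.0 default")
    return findings

# Constructed sample configurations (keys and passwords are placeholders).
WEAK = {"wep_key_hex": "", "ssid": "default", "admin_password": "admin",
        "mac_filter_enabled": False, "dhcp_enabled": True,
        "subnet": "192.168.1.0/24"}
HARDENED = {"wep_key_hex": "0123456789abcdef0123456789", "ssid": "hn-7f3a",
            "admin_password": "r7#Kq!2mZp", "mac_filter_enabled": True,
            "dhcp_enabled": False, "subnet": "10.83.12.0/24"}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
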

Keywords: kbhowto kbinfo kbnetwork KB309369


© Microsoft Corporation. All rights reserved.