Why protect wireless networks?

Wireless networks, which are sometimes known as Wi-Fi or 802.11 networks, let computers talk to one another using a radio link similar to cordless phones.

Like any radio transmission, anyone in range can pick up the signal or transmit on the same frequency. This means that wireless networks are at risk from:

* Eavesdropping – listening to the information as it is transmitted over the air. This means that information on the network must be encrypted
* Hacking – anyone in range can connect to the network. This means that the network must be restricted to known and trusted users and computers.
* Freeloading – where a wireless network is used to share a broadband internet connection, there is a risk that unauthorised users will use your connection without permission.

The problem is that most wireless network equipment, when it comes out of the box, is not protected against these threats in order to make it easy to set up. This means you have to configure the network yourself to make it secure.
How to protect a wireless network

Although the Wi-Fi standard defines things like encryption and access control, the way you set them up varies from manufacturer to manufacturer. This means that the advice will seem a little technical because it is only possible to say what you have to do, not how you do it. Consequently, you will need to refer to the documentation that came with your hardware to set these defences up.

* Use encryption. WPA2 is the best but is generally only available on the latest hardware. WPA-PSK is the next best and is available on most hardware. Failing either of these, for example if you are using older access points and network cards, use WEP.
* Use access points only rather than ad-hoc, peer-to-peer networks. Access points give more control.
* Make sure that every computer on the network has a desktop firewall (see Use a firewall).
* Use public access points with care (see Use public computers carefully).
* Switch off SSID broadcast. The SSID is the name of the wireless network.
* Choose an obscure SSID name. With SSID broadcast switched off, an obscure SSID will make it harder for a hacker to guess.
* Use a strong password to access the wireless access point (see Use strong passwords).
* If your access point allows it, restrict wireless access to the hours that you are likely to use it.
* Use MAC filtering. Each network card has a unique code called a MAC address. You can set access points to restrict access to certain, trusted MAC addresses. This will restrict people’s ability to freeload.