Mac Corner: Securing your networks   

By Larry Grinnell, Palm Beach Phoenix Apple Users Group

larry grinnellSetting up networks for your home or small business has never been easier. You go to your favorite big box or office supply store, choose a wireless router, plug it in, insert a CD into your computer, click a few buttons, and the rest is done for you. Pretty neat. It was only a few years ago when you almost needed a Network Engineering certification to install and configure a wireless network.

I’m focusing on wireless networks because they are so easy to set up, and don’t require wiring your home or office. With that convenience, however (you just knew this was coming), you get to face new and potentially interesting challenges. First and foremost is security. There are bad guys out there who can exploit and render useless pretty much every barrier you put up. It all depends upon whether you have something (information) the bad guys want, and how hard they are willing to work to get it.

Now, just because determined bad guys might be able to access your networks, it’s no reason for you to throw up your hands and give up. You can put up effective barriers to keep all but the most determined bad guys out of your networks.

Every wireless router on the market today supports several security models. I’m going to ask you to ignore all but one of them (this assumes you are indeed a small business or home user without an IT staff that is familiar with advanced wireless security techniques — basically additional enhancements to existing protocols).

When you set up your wireless router, you are presented with an alphabet soup array of options.

Let’s start with WEP (wired equivalent protocol). Two words: run away! WEP’s underlying structure is as leaky as an ancient pipe. Even the most casual hacker with cracking software freely available on the internet can get past WEP security in as little as 30 seconds, laying your network open for additional attack. It’s almost like not having any security at all. It breeds complacency because installers think that because there’s a password involved, it’s secure. It isn’t.

WPA (Wi-Fi Protected Access). WPA is a vastly improved security protocol. Unfortunately, it still isn’t improved enough. WPA, especially if your password is comprised of recognizable words or phrases, can be cracked in under an hour—maybe even less than that, with hacker tools freely available on the internet. In spite of that, there are ways that you can effectively use the older WPA standard. More about that below.

WPA2 was developed to improve upon the original WPA specification, and for the most part, it is up to the task. For most home and small business applications, WPA2 with PSK (Pre-Shared Key) is what you should be using to secure your wireless network.

The key to all of this is to use effective passwords. Even the original WPA protocol can be fairly effective when using a long, complicated password is used. By long, I mean you should use at least 13 characters, 20 is better, of mixed upper and lower case letters, numbers, and punctuation. If you choose to use a familiar phrase, there are strategies you can apply that can make them pretty effective.

This is just an example; please don’t use it for your password. Bad guys read this column, too!

Take a phrase like: Be it ever so humble, there’s no place like home.

Change it to B31t3VerS0hVmbL,TH3r3+zN0p1AC3L1keh0m3.

Whew! That’s a mouthful! Note that I substituted the numeral 3 for most of the Es, the numeral 1 for I, the numeral 0 for O, and some other tricks. Write it down. Save it in a text file so you can copy it and paste it into the password field of your configuration file (where you set up wireless accounts), and for the wireless router. Maybe that phrase was extreme, but I don’t think you will have to worry about someone cracking that password!

Still, use WPA2 if it’s available. Some older computers and older wireless routers might only support the WPA (without the 2) protocol, or even older ones that just support WEP. Note that every computer attached to your network needs to be configured the same way.

Look at the computers you are using. See what wireless security protocols they can support. If all can support WPA2, set up your wireless router for WPA2 and then configure your wireless devices (laptops, etc.) with that same protocol. If any of your computers can only support WPA, everything will have to be WPA. If neither WPA nor WPA2 are supported, consider replacing your wireless router (if it doesn’t support newer standards) and any computers that cannot support the newest security standards. Computers and routers are pretty cheap. You just need to ask yourself how valuable your information is.

You can effectively secure your home or small business network, using consumer grade wireless routers. Just use the WPA2 protocol, use long passwords (preferably at least 20 characters), and make sure the passwords use a combination of upper and lower case characters, numbers, and punctuation marks. If you are really serious about security, change your network password at least every 6 months. There are more things you can do to reduce your wireless router’s footprint, but that’s all I have space for this time.

EDITOR'S NOTE: Readers are welcome to comment on this or any Mac Corner columns by visiting the Palm Beach Phoenix blog as well as by writing the editor of Palm Beach

Mac Corner runs every Wednesday only in Palm Beach Click to read the previous column.

About Larry Grinnell: Larry has been working with Macintosh and Windows PCs for over 25 years and worked as a senior technical writer and IT support professional for a major midwest-based consumer electronics and telecommunications equipment manufacturer here in South Florida. His musings on a wide variety of topics from computers to jazz guitar to strange foreign cars from the 1950s can be viewed at the website. Click here to reach him by email.

palm beach phoenix logoWriters of this column are members of the Palm Beach Phoenix Apple User Group, a nonprofit organization for Apple Computing Device Users, recognized by Apple Inc., with the purpose of providing educational training and coaching to its members (students, professionals and seniors alike) in a cordial social environment. The club meets the second Saturday (1-4 p.m.) and fourth Wednesday (6-8 p.m.) of each month at the Fire Station #2, 4301 Dixie Highway in West Palm Beach (just two block south of Southern Boulevard). Click here to visit their website. Click here to reach them by email.

The Outlok effective affordable advertising

Openings at $75K to $500K+
ad for tina pugliese's column

palm beach
DECEMBER 9, 2009 click to go home
click to go back to the top
Delray's Online Business and Community Newspaper