Could you expand on how we can secure home networks when using Wi-Fi technologies?
Having to maintain the security of a wireless network is something that’s probably new to most home users, and it can often be frustrating due to all the new information you have to assimilate. Network administrators should take note too. An employee working at home with an insecure wireless network is a great attack vector for infiltrating your enterprise.
Traditionally, the most often-used solutions are things like turning on SSID cloaking, enabling MAC address filtering, disabling your DHCP server, and setting a WEP key. In fact, many news outlets not associated with IT (where most new users will learn about wireless network insecurity) are still advising home users to do these things. However, to anyone in the know, these techniques are woefully inadequate.
SSIDs can be sniffed, allowed MAC addresses can be spoofed, and valid IP addresses can be observed to determine a target network’s address range. These things barely qualify as a nuisance to an attacker. That’s not to mention the myriad issues that have plagued WEP and continue to do so. It can take as little as your network broadcasting a single WEP encrypted frame of sufficient length for someone to derive enough information to construct packets to inject into your network. An attacker can then generate network traffic that will give sufficient data to easily determine your WEP key. All of this can be done in as little as a few minutes. Now this doesn’t sound very secure, does it?
So where does that leave a user who wants to secure a home network? Well, there’s WPA and WPA2. Both Windows XP and Mac OS X support them, and any access point manufactured within the past few years should support these mechanisms too. WPA and WPA2 both have a mode called the PSK (Pre-Shared Key) mode that will allow you to use a password in lieu of using a full-blown 802.1X setup, which is perfect for the home user.
If your hardware supports WPA2, use it; otherwise use WPA. Also make sure you use a strong key. This will lessen the chance that an attacker performing an offline dictionary attack against your network will be successful. You can easily obtain a strong key by going to a web site that will generate one for you automatically. Of course, you should also change the SSID from the default and the password to the AP’s configuration interface. Finally, for employee laptops that are used at home, companies also need to look at implementing clients that are now available to enforce their wireless security policies (such as using a VPN); this will reduce the possibility of losing valuable data or opening up a back door to your network.