Gallery

The PC Pro guide to wireless

Posted on 28 Nov 2005 at 12:13

This makes it much more difficult for anyone to find and start attacking your setup. It's as easy as pie and simply requires you to think of a name and check the 'hide SSID' option, which your router will invariably have in its web-based configuration.

Access restriction

This is the most tedious aspect of wireless security to set up, but if you're paranoid MAC-address-based access control is one more obstacle in the path of a determined hacker. As we mentioned earlier, every Ethernet device has a unique MAC address which is unique for that device. By setting up a table of the MAC addresses of your wireless devices in the router, you can restrict access to only those devices - any device with an unknown MAC address will be refused a connection. The drawback is that you have to manually enter the MAC address of every device you want to connect, but that's only a problem if you frequently have new hardware or you want guest devices to connect to your network with the minimum of fuss. Some routers also allow you to flip this idea on its head and specifically deny access to MAC addresses you specify and allow all others. This can be useful if you suspect a particular PC on your network has been infected by a virus - by specifically denying it access to the wireless network until you're sure the infection has been cleaned, you reduce the risk of the virus spreading without having to physically remove the wireless adaptor.

Detecting unauthorised access

If you suspect someone's stealing your bandwidth by connecting without your consent, it can be difficult to verify. The best thing to do is go into your router's web-based configuration system and check the client DHCP list. This is the list of network adaptors currently assigned an address on the router. If you're using only one computer (or, more specifically, one network adaptor), there should be only one IP address listed, and it should correspond to the host name and MAC address of your PC. If there's more than one and you haven't forgotten about any other wireless devices you have, such as printers or media-streaming audio gadgets, someone else is probably connected.

Looking at the DHCP list isn't foolproof, though: if the person stealing your bandwidth has had the presence of mind to manually configure an IP address it won't show up in the DHCP list. But many routers also have a log-file feature, some of which show all clients making a connection - this should be foolproof if you can be bothered to wade through it. If it does seem that someone's piggybacking, note the MAC address and block it, then change your SSID and encryption keys, and also change to WPA if you're using only WEP.

Don't get too paranoid, though: if you've followed these instructions and WPA is properly set up, there's little chance of anyone breaking into your system. Enjoy your wireless freedom.

Author: David Fearon and Nik Rawlinson