How To Secure Your Wireless Network
by Jerry Malcolm - Originally published in issue 1 of (IN)SECURE Magazine - Tuesday, 9 August 2005.
Do not allow the MAC address to be broadcast. To filter by MAC address, manually enter the MAC address of your network card into your network access point devices. As before, this requires a little more work, but make it part of your network development checklist and you will have increased confidence that your network security precautions were thorough.

Usually the MAC address of your network card is located on the device itself.

Dump the Defaults

So far we have seen that, in all cases, the default broadcast permissions, addresses and passwords that come with a network device are a point of security concern. Default broadcasts of security codes are provided to make it easy for you to set up and take care of your network. Resist the instinct to “do it the easy way”. Put the extra effort into changing all defaults that might provide access to secure addresses or codes, and change the preset passwords and user names in the devices you purchase to set up your network initially or expand it later.

Each time you add a new network access device, make the following two steps as important as opening the box and taking the shrink wrap off.

Take out your wireless network security checklist, located at the end of this article.

Change the default user name and password for your new wireless network security access point.

Another often overlooked default to change when setting up your wireless network is your default IP router subnet. Routers are preprogrammed with a default IP address of Just as that is easy for you to know, it is easy for those who would hack your network to know that. Therefore, put in place an IP network ID that is not the default and not easily decoded by an intruder.


DHCP is one more method that network designers implemented to make your entry into the wireless world worry-free and to reduce the “work” of setting up and maintaining your network. Through DHCP, the IP address used internally for access of your wireless network is generated each time an access point enters the internet. This is a critical function for a large network because the use of a “static” IP address (that is, one that does not change) can cause difficulties accessing the internet due to IP address conflicts, etc.

If the number of access points to your home wireless network is small, turn off DHCP so the network does not generate dynamic IP addresses. Implement static IP addressing; that way, there is no need to broadcast your IP data to the wireless world. By keeping your IP address secure and out of the hands of sniffers and hackers, you introduce one more frustration to those who might look to break into your network and do it harm.
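One way to check that the MAC list and static addressing described above still match what is actually on the network, as an added example that is not part of the original article: it compares a gateway's neighbor table against an inventory of approved adapters. The addresses, the `ip neigh show` sample and the names `ALLOWED` and `audit_neighbors` are constructed for illustration, and the check assumes a Linux gateway.

```python
import re

# Constructed inventory: each approved adapter's MAC and the static IP assigned to it.
ALLOWED = {
    "02:00:5e:aa:01:10": "10.73.20.10",
    "02:00:5e:aa:01:11": "10.73.20.11",
}

# Constructed sample in the format printed by `ip neigh show` on a Linux gateway.
SAMPLE_NEIGH = """\
10.73.20.10 dev wlan0 lladdr 02:00:5e:aa:01:10 REACHABLE
10.73.20.11 dev wlan0 lladdr 02:00:5E:AA:01:11 STALE
10.73.20.57 dev wlan0 lladdr 02:00:5e:bb:02:99 REACHABLE
10.73.20.12 dev wlan0 lladdr 02:00:5e:aa:01:10 DELAY
10.73.20.30 dev wlan0 FAILED
"""

# IP, interface and link-layer address; trailing state/flags are ignored.
LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")


def audit_neighbors(text, allowed):
    """Return sorted (ip, mac, finding) tuples for entries that break the inventory."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries carry no MAC to check
        ip, _dev, mac = m.groups()
        mac = mac.lower()  # tools differ in hex case; compare normalised
        if mac not in allowed:
            # Adapter that was never entered into the access point's list.
            findings.append((ip, mac, "unknown-mac"))
        elif allowed[mac] != ip:
            # Known adapter on an unexpected IP: misconfiguration or a cloned MAC.
            findings.append((ip, mac, "ip-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for ip, mac, finding in audit_neighbors(SAMPLE_NEIGH, ALLOWED):
        print(f"{finding:12} {ip:15} {mac}")
```
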

The Firewall

The firewall is a critical part of desktop security, corporate networks and the “wired” network environment. However, there is also a place for the firewall in the wireless setting. That place is between the wireless network and other external networks and/or between the wireless network and the internet. Our discussion of security in this paper has focused on attackers who might attempt to hijack or eavesdrop on the network directly “through the air”. However, as each node on your network accesses the internet, that interaction continues to be a high-traffic security concern. Each desktop should have all of the standard security protections, including a quality firewall, spyware and virus detection, etc. These are for the health of the node.

However, as the “network administrator”, research the best resource for a network firewall that stands between the internet and all of the access points on your wireless network. Such precautions will be worth the upfront effort and research. Is it overkill to have a firewall there as well as on the access points? No. When it comes to security, as long as the presence of the protection does not impact productivity, no precaution is overkill.

