How can I make sure my wireless network is secure?

If you switch on a PC that has a wireless adapter and is running a relatively new operating system, such as Windows XP, it will automatically look for available wireless networks. While this makes connecting easy, it also makes it easy for anyone in the vicinity to detect and access your network. While there's a small degree of security inherent in a cabled network -- as an intruder must physically connect to the system -- a wireless hacker could access your network while in a car outside your building, or in the office next door. Even if your business data is secured by passwords, an unsecured connection could allow anyone to surf on your network, possibly running up a large download bill. For this reason, it's important to make sure your wireless connection is secured.

The most widely deployed security solution for wireless networks is WEP (Wired Equivalent Privacy), which encrypts data sent over the network. To gain access to a WEP-protected network, users must know both the network name -- generally referred to as an SSID -- and have a password for that network. By design, these are generally a nightmare to remember, and are changed regularly.

WEP is a form of encryption that is similar to SSL (secure sockets layer), which is used to secure Web browser sessions. The cryptological algorithm used by WEP is a very strong 128bit password key encryption. Unfortunately, although it does veil the content of data sent through the airwaves, the implementation of WEP lends itself to easy decryption by anyone willing to dedicate a few hours of their time. Nonetheless, protection via WEP is better than none, so make sure you enable it on your network.

An additional safety measure that can be taken is configuring all access points to restrict connections to predefined MAC addresses. A MAC address is a hexadecimal number that forms a unique hardware ID for every network card ever manufactured. A MAC address can be determined by typing ipconfig /all into a DOS or command window, or by viewing the network card hardware properties from the control panel. Configuring an access point to only accept connections from specified MAC address will ensure that no roaming wireless devices can browse your network. Bear in mind, however, that it won't prevent them from intercepting your transmissions! Another recommended setting is to disable any access points from broadcasting their network name or SSID wherever possible.

Properties for an infrastructure WLAN are shown here.

A more advanced form of protection is WPA (Wi-Fi Protected Access), which provides individual user authentication as well as more secure encryption. However, this is only effective if support is built into the operating system -- which is the case, for instance, with Windows XP but not with earlier releases of Windows. WPA is generally only active on 802.11g networks. WPA will be built into 802.11i, the successor to 802.11g.

It's worth reinforcing that these security standards are specifically designed only to protect the wireless component of your network, and that normal network security protocols should also be in place. If you try to carefully protect your network from casual intruders, but still allow connections with a guest log-in, you're going to run into trouble eventually.