Secure Your Wireless Connection

Wireless networks use radio frequencies to transmit and receive data. This means that someone walking, driving, or flying by can easily tap into your unsecured wireless connection without your knowing it. In fact, armed with the right tools – and these are readily available -- some people virtually stalk areas for an open wireless access point (WAP).

Wireless users should use all available security features and tools at their disposal to prevent unauthorized use of their computers, accounts or smartphones. Some of these are listed below:

When you are not receiving or transmitting, it is safer to disable your wireless card on your computer and WAP thereby making access impossible to a would-be intruder.

WPA2 stands for Wi-Fi Protected Access version 2, the current official Institute of Electrical and Electronics Engineers (IEEE) standard. It is based upon the 802.11i security standard and is more secure than WPA by using the Advanced Encryption Standard (AES) for encryption. If your wireless card is not WPA2 compatible, check with the vendor to see if it's upgradeable, or consider buying an external wireless card.

Avoid sending data in clear text (i.e., unencrypted) or using weak encryption (WEP). If you cannot use WPA2, then enable WPA with a strong key (i.e., difficult to guess; at least 20 characters) instead. Remember to change your key regularly.

Select the following links for definitions of confidentialpersonal, and proprietary data. Contact your departmental ITC for encryption instructions.

Employ a personal firewall on your computer.

Turn off file sharing.

For any transmission requiring a password, always use encryption like a secured sockets layer (SSL) or secure shell (SSH). Use these modes for any transmission. Heed all security warnings and make certain your browser verifies valid SSL certificates.

Use e-mail protocols that are SSL enabled.

Employ media access control (MAC) address filtering to ensure that the WAP only communicates with certain wireless devices (i.e., register the MAC address on your wireless card with the WAP, which should “talk” to only the cards registered to it). Using MAC address filtering is not a guarantee of full security because MAC addresses can be copied (i.e., “spoofed”). However, using MAC does make access by unauthorized persons more difficult.

When remotely connecting to the campus, use a VPN connection to securely access campus resources. 

Harden (strengthen) all security systems on your equipment (i.e., use strong passwords; authenticate access where possible; etc.).

Instant messages are generally transmitted as clear text making login scripts, passwords, credit card numbers, and other confidential information more accessible.

Change the default service set identifier (SSID), the wireless network name, to one that is difficult to guess. Prohibit the broadcast of the SSID so that it does not indicate its availability for use. If possible, change your WAP’s default channel addresses: set your WAP to receive, but not to broadcast.

Disable Dynamic Host Configuration Protocol (DHCP) so that the IP address would need to be configured manually on your laptop. Or, as an alternative, change the default DHCP address range.

Your network router can be set to block access. The router, or any access point, should require strong passwords in order to access administrative functions. Disallow wireless access to these administrative functions.