Troubleshooting: Securing Home Wireless Networks
Q: I’m having a problem with my wireless connection at home. Internet browsing works for a while but then goes dead — even after several reboots. Two days later, it will magically work again. The wireless router has a laptop and a desktop with a Cat5 cable connected to it. The strange thing is that the desktop, a three-year-old workstation, works. Help!
A: This happened to a buddy of mine. I decided to pay him a visit, as there is only so much you can do remotely.
When I took a look at the connections, I saw that his Linksys wireless router was hooked up to Vonage, a Voice Over Internet Protocol (VoIP) device. My friend said he hadn’t experienced any interruptions in phone service while his laptop Internet connection was down, which surprised me since Vonage relies on an Internet connection. Since the desktop workstation was working and there weren’t any phone issues, I figured the problem probably wasn’t related to the Internet service provider (ISP).
When I powered up the laptop, I found that it was associated to a wireless SSID (service set identifier) named “Linksys” and received an IP, but would not connect to the Internet. It was able to ping the default gateway, but couldn’t get to the domain name system (DNS). Meanwhile, the desktop computer was connecting just fine.
I compared the configurations side by side. Both used the same SSID, but after running the “ipconfig” command, I found they were on different IP networks.
I logged in to the router’s Web interface from the wireless laptop. The router information indicated it was not the one I saw in front of me. In fact, the one I was logged into had no voice submenu. I logged on from the wired desktop and got to the correct device, which did have the voice submenu.
At that point, it seemed like the puzzle was starting to make sense: There were two wireless routers broadcasting a “Linksys” SSID. The first was the one in my buddy’s apartment; the other was close by — probably in a neighbor’s house. This is very common since people buy the routers in retail shops and are told simply to plug it into their modems and start using it. Many don’t install any kind of security measures or customization.
When I changed the SSID to a different name and set the laptop to join that network, it connected to the Internet and the “ipconfig” command displayed the correct address.
To make sure this problem never occurs again, it’s important to secure your wireless network. The main security options are:
1. WEP (Wired Equivalent Privacy): This uses the same password all the time, which makes it relatively unsecure. You can make WEP more secure by setting a key in index two, three or four. Just don’t try to get your iPhone to join a WEP network that uses any key index other than one, as it is still not supported.
2. WPA and WPA2 (Wi-Fi Protected Access): This method addresses many of the problems of WEP.
3. MAC address filtering: This method allows you to specify who can attach to your wireless network based on his or her MAC (Media Access Control) address. It can be used by itself or can be combined with the other two methods.
4. Non-broadcast SSID: You can “hide” your wireless network from the neighbors by setting the SSID to silent mode. But you should only do this if you are very familiar with wireless technology, as it will be harder to configure all your devices in a static manner this way.
My recommendation is that you use at least WPA-PSK and go for WPA2 if you can. MAC address filtering can be a high-maintenance solution, and it’s not impossible for hackers to fake a MAC address. Non-broadcast SSID is a good safety net, but only for the advanced user.
Avner Izhar, CCIE, CCVP, CCSI, is a consulting system engineer at World Wide Technology Inc., a company that provides technology and supply-chain solutions. He can be reached at email@example.com.