Securing wireless networks
-
Recently I discovered my kids were logging onto the internet through a wireless connection. The problem is, we don’t have one! Presumably one of our neighbours does. Recognising the ethical and security issues, we have put a stop to this behaviour. However, we are going to upgrade to a broadband connection and have planned to get a wireless modem. How can I be sure we are using our network, and not a neighbour’s? Also, how can I secure the wireless connection to prevent others from accessing our network?
This is a very good question. Before starting on the security risks, I will briefly outline the basics of creating a wireless network to share internet. When you mention a wireless modem, you are talking about a wireless broadband router. The internet connection plugs into the wireless broadband router and then all client machines (which want to access the internet) connect to the router through either wired Ethernet (i.e. a wired connection) or wireless. As you can see, the router acts as the central point in the local area network. You configure the router with login details for your internet connection and the router connects to the internet whenever one of the client machines requests internet access and then provides internet to the client machine. So, you can think of the router as a very basic computer.
Having an unsecured wireless access point has several security risks, such as allowing anyone who notices your wireless network to use your internet connection. Furthermore, when someone associates (connects) to the wireless access point, they are connected to your local area network. Broadband routers are not just limited to sharing internet, but can also allow computers to communicate with each other, for services such as file and print sharing. So, should an outsider gain access to your network through unsecured wireless, other computers on the network could be compromised.
Now that we understand the basics of broadband routers, we can discuss wireless. Wireless broadband routers, as the name implies, include a wireless access point that allows computers to connect to the router using wireless networking. Every wireless network has an SSID (service set identifier). This is the name of the wireless network and, on many routers, it is broadcast automatically by default. You can configure this name yourself, allowing your network to be distinguished from others (such as your neighbours’). For example, if your wireless router’s SSID is configured as ‘GB’, you know this is your network. This answers your first question about knowing to which network you are connected.
Many routers by default are configured with SSID broadcast enabled, and no encryption. Just as your kids managed to do, this allows anyone who sees your router to connect to the network. Therefore, I strongly recommend everyone implements security on their wireless networks. Firstly, enable encryption on the network. This will encrypt the traffic between the wireless network and client computers based on the user-defined ‘passkey’. This also prevents clients from associating (joining) the network unless they know the passkey. The two most widely known levels of encryption are: WEP (Wired Equivalent Privacy) and WPA-PSK (Wi-Fi Protected Access Pre-Shared Key). I recommend using WPA-PSK, as the WEP method has been cracked/broken and thus is no longer safe. When enabling WPA-PSK you will need to specify a ‘passkey’. This passkey must then be entered onto each computer which intends to connect wirelessly to the network.
Secondly, you should disable SSID broadcast. This will prevent the access point from broadcasting its presence, so casual snoopers will not obviously see the network. I suggest only doing this after initially associating the computers with the wireless network, otherwise these legitimate computers will have a bit more difficulty finding the network.
Finally, enable wireless access control (also known as MAC address filtering). This will only allow computers with predefined MAC (Media Access Control) addresses (a MAC address is a unique identifier for the network adapter in the computer) to associate with the wireless network. If the computers are already associated, you should be able to select which ones to add to the access control list. If not, you may need to manually enter the MAC address. To find the MAC address of the wireless adapter on a Windows XP computer, go to the ‘Start’ menu > ‘Run’, type ‘cmd’ and press OK. At the command prompt that appears, type ‘ipconfig /all’ (without the quotes) and press ENTER. Under ‘Ethernet adapter Wireless Network Connection’ you should notice an entry called ‘Physical Address’. This is the MAC address of the network adapter. Should you have multiple network adapters in the computer (e.g. a wireless adapter, plus a wired Ethernet adapter), each adapter has its own MAC address. Therefore, make sure you read the MAC address for the wireless adapter, under the ‘Ethernet adapter Wireless Network Connection’ heading.
Please do not treat these three procedures as the end - there are many other security methods you can implement, such as disabling the DHCP server and statically assigning IP addresses to all client computers (so even should someone associate with the network, they will not get an IP address). While no security techniques will make the device completely invulnerable to attack, these measures should make it relatively difficult for a casual snooper to access your connection. Should other readers have additional suggestions please write in!
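To illustrate the encryption step above: with WPA-PSK the passkey is not used directly; the network key is derived from the passkey together with the SSID, so both must match on the router and every computer. The Python sketch below is an added example, not part of the original column; the function name `wpa_psk` is hypothetical, and it uses the standard WPA-PSK derivation (PBKDF2 with HMAC-SHA1, 4096 iterations, 256-bit output).

```python
import hashlib


def wpa_psk(passkey: str, ssid: str) -> str:
    """Derive the 256-bit WPA-PSK key (hex) from a passkey and an SSID.

    Hypothetical helper for illustration. Enforces the WPA passphrase
    rules: 8 to 63 printable ASCII characters, SSID of 1 to 32 bytes.
    """
    if not 8 <= len(passkey) <= 63:
        raise ValueError("passkey must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passkey):
        raise ValueError("passkey must contain printable ASCII only")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # The SSID acts as the salt, so the same passkey on two differently
    # named networks yields two unrelated keys.
    key = hashlib.pbkdf2_hmac(
        "sha1", passkey.encode("ascii"), ssid_bytes, 4096, 32
    )
    return key.hex()


if __name__ == "__main__":
    # Constructed sample values; 'GB' is the example SSID from the text.
    print(wpa_psk("correct horse battery staple", "GB"))
```

Because the SSID is part of the derivation, renaming the network changes the key even if the passkey stays the same, and a passkey shorter than 8 characters is rejected outright.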
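For the MAC address filtering step above, the following Python sketch reads saved ‘ipconfig /all’ output and picks out the ‘Physical Address’ of the wireless adapter only, skipping the wired one. It is an added example, not part of the original column; the function names and the sample output (adapter descriptions and addresses) are constructed for illustration.

```python
import re

# Constructed sample of Windows XP 'ipconfig /all' output (values made up).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : FAMILY-PC

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example Wireless G Adapter
        Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
"""

# Adapter headings start in column 0 and end with a colon.
HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
# Field lines are indented; the label is padded with dots and spaces.
FIELD = re.compile(
    r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$"
)


def adapter_macs(text):
    """Map each adapter heading to its MAC address (AA:BB:CC:DD:EE:FF)."""
    macs, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        field = FIELD.match(line)
        if field and current:
            macs[current] = field.group(1).upper().replace("-", ":")
    return macs


def wireless_macs(text):
    """Keep only adapters whose heading mentions 'Wireless'."""
    return {name: mac for name, mac in adapter_macs(text).items()
            if "wireless" in name.lower()}


if __name__ == "__main__":
    for name, mac in wireless_macs(SAMPLE).items():
        print(f"{name}: {mac}")
```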