Securing home wireless networks

Taking a few extra precautions when you set up your home wireless router and modem can help protect the security and confidentiality of Yale business, and protect all of your family computers as well. Note that Yale University privacy and security requirements apply to ALL locations, including your home.

Configuring your home wireless router for security & privacy

1. Change the default SSID: Access points come with a default shared key called an SSID (Server Set ID) that is shared among all users of that access point. It is broadcast to everyone within range of the access point. Make sure that you change this SSID from the default setting, so that hackers have less information about your equipment and setup.
   • Do NOT allow connections using a blank SSID or an SSID set to ANY or any.
• NOTE: SSIDs are case sensitive.
2. Enable MAC address filtering: Switch on the MAC filter and enter the MAC of your system (MAC is your computer's physical identifier). This will only allow your specified hardware to connect to the system. Take into consideration that the MAC information is not encrypted; MAC filtering is only a good deterrent against casual intruders.
3. Set the encryption level to the most recent secure type that is available on your Wireless hardware: (The available method depends on how old your hardware is). By default, most ISPs will have your router set up with Wired Equivalent Privacy (WEP – the least secure protocol at 128 or 64 bit). WEP is easily hacked and provides limited security. The most secure protocol is WPA2 (Wi-Fi Protected Access with Advanced Encryption Standard AES), which you might see listed as WPA-PSK (pre-shared key). When you set up the WPA2 key, it will need a pass phrase. The pass phrase is the weakest point in this setup: to increase security, your pass phrase should have at least 21 characters (non-dictionary word).
4. Change the default configuration password: All wireless devices come with a default password to access the configuration program. Identity thieves can easily go online and get the default passwords for most brands of wireless equipment. If you use a default password, someone could easily change the configuration and even deny you access to your own network! Change the default password and use a strong password.
5. Set the DHCP range to the number of computers that you have on your Network: For example, if you have 4 computers set it to 101-104.
6. Disable Auto Broadcast: Most Wireless Access Points Broadcast their existence by default, you can try to disable this feature.

Additional wireless security measures

• Set the system to channel 11: This is not a big addition to security, but it will usually yield a better, cleaner wireless connection, as the default channel 6 is very busy.
• Power-off when not in use: Unauthorized users can't access your wireless router if it is powered off. If you aren't using it, shut it off.

Antivirus software is free from Yale for all your home computers

Always be sure that every computer in your home is running a current copy of Symantec Antivirus, and that all computers are updated regularly to keep the operating systems up-to-date. Protecting your family computers won't cost you anything—Symantec Antivirus is free for all the computers on your home network. You can download Symantec Antivirus from ITS software site.

 

See also: Wireless Security on the Medical Campus

---

Related topics

• Encrypted wireless network
• Wireless FAQ
• Wireless networking at Yale
• Wireless Security - medical campus
• Wireless security - central Campus
• Yale VPN information

Related University Policies & Procedures

• Yale Procedure - Systems and Network Security (pdf)
• Yale Guide: Selecting Good Passwords (pdf)