1. Field of the Invention
The present invention relates to network security, and, in particular, to network security in wireless home networks.
2. Description of the Related Art
Wireless networks are increasingly found in the home, with most wireless networks operating in accordance with one or more of the 802.11 family of wireless networking standards. The core of a Wi-Fi home network is an access point (AP) or router that coordinates communication over wireless radio links between one or more wireless devices (BSs, or basic subscribers), such as a laptop or other computer, and other BSs or a landline (or other backbone) network such as the Internet. To set up an AP or router, manufacturers provide Web pages accessed from a local PC coupled to the AP or router, which allow owners to enter their network address and account information. These Web tools are secured with a login screen usually having a username and password. However, for any given piece of equipment, the logins provided are simple, very well known to hackers on the Internet, and, consequently, easy to break.
All Wi-Fi equipment supports some form of encryption technology that scrambles messages sent over the wireless radio link. Several encryption technologies exist for Wi-Fi today, but all Wi-Fi devices on a given network must share identical encryption settings, requiring the use of a “lowest common denominator” encryption setting for the network devices.
APs and routers all use a network name called an “SSID” for network device identification. Manufacturers normally ship their products with the same SSID set. Knowing the SSID does not by itself allow a hacker to break into a network, but knowledge of the SSID is a starting point for hackers attempting to break into the network. In Wi-Fi networking, the AP or router typically broadcasts the network name (SSID) over the air at regular intervals to support roaming where Wi-Fi users may roam in and out of range of a network. In home Wi-Fi networks, this roaming feature is unnecessary, and it increases the likelihood an intruder or hacker might attempt to log into the home network. Most Wi-Fi APs allow for disabling of the SSID broadcast by the home network administrator.
Each piece of Wi-Fi equipment also possesses a unique identifier called the physical address or MAC address. APs and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment to restrict the network to only allow connections from those devices. However, software programs employed by hackers might be written so as to read and fake MAC addresses easily. In addition, most home networks use dynamic IP addressing, or “DHCP,” which also weakens network security by allowing network hackers to easily obtain valid IP addresses from the network's DHCP pool. Network APs and routers also contain built-in firewall capability, but the option also exists to disable them.
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for hackers to detect and exploit the signal. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Often, a user attempts to position the AP or router device near the center of the home, rather than near windows, to minimize leakage of the network's signals to the home's exterior.
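The configuration weaknesses described above (factory login and SSID, SSID broadcast, no MAC restriction, DHCP, a disabled firewall, and the “lowest common denominator” encryption setting) can be checked mechanically. The following is an added example, not part of the original text: the field names, device names and sample values are constructed, and the encryption ranking WEP < WPA < WPA2 < WPA3 is supplied here rather than taken from the text.

```python
# Added example; field names, device names and values are constructed.
ENCRYPTION_RANK = ["none", "WEP", "WPA", "WPA2", "WPA3"]  # weakest to strongest


def strongest_common_encryption(device_modes):
    """Return (best, blockers): the strongest mode every device supports and,
    for each stronger mode, the devices that lack it."""
    supported = {d: set(m) | {"none"} for d, m in device_modes.items()}
    common = set(ENCRYPTION_RANK).intersection(*supported.values())
    best = max(common, key=ENCRYPTION_RANK.index)
    stronger = ENCRYPTION_RANK[ENCRYPTION_RANK.index(best) + 1:]
    blockers = {mode: sorted(d for d, m in supported.items() if mode not in m)
                for mode in stronger}
    return best, blockers


def audit(config, factory, device_modes):
    """List the weaknesses from the text that are present in `config`."""
    findings = []
    if all(config[k] == factory[k] for k in ("admin_user", "admin_password")):
        findings.append("admin login is the factory default")
    if config["ssid"] == factory["ssid"]:
        findings.append("SSID is the factory default")
    if config["ssid_broadcast"]:
        findings.append("SSID broadcast is enabled")
    if not config["mac_allowlist"]:
        findings.append("MAC address restriction is not configured")
    if config["dhcp_enabled"]:
        findings.append("DHCP is enabled")
    if not config["firewall_enabled"]:
        findings.append("built-in firewall is disabled")
    best, _ = strongest_common_encryption(device_modes)
    if ENCRYPTION_RANK.index(config["encryption"]) < ENCRYPTION_RANK.index(best):
        findings.append(f"encryption {config['encryption']} is below the shared maximum {best}")
    return findings


# Constructed sample data: one router as shipped, the same router after setup.
FACTORY = {"admin_user": "admin", "admin_password": "admin", "ssid": "ExampleVendor"}
AS_SHIPPED = dict(FACTORY, ssid_broadcast=True, mac_allowlist=[],
                  dhcp_enabled=True, firewall_enabled=False, encryption="WEP")
HARDENED = dict(AS_SHIPPED, admin_password="<owner-chosen>", ssid="home-net",
                ssid_broadcast=False, mac_allowlist=["02:00:00:00:00:01"],
                dhcp_enabled=False, firewall_enabled=True, encryption="WPA")
DEVICES = {"ap": ["WEP", "WPA", "WPA2"], "laptop": ["WEP", "WPA", "WPA2"],
           "printer": ["WEP", "WPA"]}

if __name__ == "__main__":
    print("\n".join(audit(AS_SHIPPED, FACTORY, DEVICES)))
```

In the sample data the printer is the device that holds the whole network at WPA, which is the “lowest common denominator” effect: `blockers` names the equipment that would have to be replaced before a stronger setting could be shared.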