Five Simple Steps for Securing Your Wireless LAN on a Shoestring Budget
By Kevin Beaver on Monday, June 13, 2005
In a previous article, “Four Things You Must Know before Deploying Wireless LANs,” I talked about how 802.11 wireless security cannot be overlooked. In this follow-up piece, I’ll outline some practical steps you can easily take to secure your airwaves and keep wandering eyes off your sensitive information. Hackers and other malicious users usually go for the weakest link, but there’s no need for expensive vendor solutions to secure your wireless network. Simply implement these free and low-cost security measures on your wireless systems (both at work and at home) and you’ll be light-years ahead of practically everyone else. Your wireless network won’t stand out as the most vulnerable target and you’ll likely divert wandering eyes elsewhere.
1. Swap out your stock antennae for directional antennae where possible
Most wireless access points (APs) come with omni-directional antennae that send wireless signals out in every direction – something you usually don’t need. You can purchase low-cost directional antennae from SMC, Hawking, and other vendors that will send and receive signals only where needed and help keep signals inside your building where they belong.
2. Adjust the power of your APs
Many APs let you adjust the transmit power settings, which can be another great way of keeping your signals inside your building. Most APs default to full-blast power (30 milliwatts and sometimes more), so try some lower settings and see if you can’t get the same performance.
3. Change your default settings
As common as this security recommendation is, I still see a lot of wireless APs with passwords (sometimes blank ones), Service Set Identifiers (SSIDs), and IP addresses that are right out of the box. There are ways for the bad guys to figure these things out, but changing this information to something more obscure at least creates another layer of security. Also, don’t forget to periodically check for AP firmware and wireless client management software updates from your vendor(s). These usually include security updates that give you better security options and fix known vulnerabilities.
4. Use built-in security options
For starters, MAC address controls can be a good protection mechanism against the casual passer-by but are easily defeated by someone who wants access to your network. They’re a good thing to set up anyway. For all the negative press that Wired Equivalent Privacy (WEP) encryption has gotten over the past few years, it’s still way better than nothing, so be sure to enable it with a difficult-to-guess passphrase. Ideally, you should enable Wi-Fi Protected Access (WPA), which fixes all the known WEP flaws. WPA version 2 (a.k.a. IEEE 802.11i) adds even more protection mechanisms, but you may have to upgrade your hardware in the process. These security options can seem intimidating at first, but they’re actually very simple to set up. If you can’t find good vendor documentation, you can almost always find how-to guides on the Internet via a quick Google search.
5. Secure your wireless clients
Keeping up to date with patches and malware (virus, spyware, etc.) protection is a no-brainer, but go a few steps further and harden your operating systems according to best practices from SANS, NIST, and the Center for Internet Security. Perhaps most importantly, use personal firewall software. This will help keep the bad guys from poking and prodding your system and exploiting vulnerabilities they find. I personally believe that ISS’s BlackICE has superior protection technology, but there are others as well, including the Windows firewall built into Windows XP.
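The AP-side checks from steps 2 through 4 can be run as a quick audit over an inventory of your access points. The script below is an added example, not part of the original article; the record field names, the lists of factory-default SSIDs and addresses, and the sample inventory are assumptions constructed for illustration.

```python
# Added example: field names and default-value lists are illustrative assumptions.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}  # common factory SSIDs
DEFAULT_IPS = {"192.168.0.1", "192.168.1.1"}  # common factory addresses
ENCRYPTION_RANK = {"none": 0, "wep": 1, "wpa": 2, "wpa2": 3}


def audit_ap(ap):
    """Return a list of findings for one access point record."""
    findings = []
    # Step 2: transmit power left at the maximum the device supports.
    if ap["tx_power_mw"] >= ap["max_tx_power_mw"]:
        findings.append("transmit power at maximum; try a lower setting")
    # Step 3: out-of-the-box password, SSID or management IP.
    if not ap["admin_password_changed"]:
        findings.append("admin password is still the factory default or blank")
    if ap["ssid"].strip().lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default")
    if ap["mgmt_ip"] in DEFAULT_IPS:
        findings.append("management IP is a factory default")
    # Step 4: built-in options; unknown values are treated as no encryption.
    rank = ENCRYPTION_RANK.get(ap["encryption"].lower(), 0)
    if rank == 0:
        findings.append("no encryption enabled; enable WPA, or WEP at minimum")
    elif rank == 1:
        findings.append("WEP in use; move to WPA where hardware allows")
    if not ap["mac_filter"]:
        findings.append("MAC address controls not enabled")
    return findings


def audit_inventory(aps):
    """Map AP name -> findings, keeping only APs that have findings."""
    report = {ap["name"]: audit_ap(ap) for ap in aps}
    return {name: f for name, f in report.items() if f}


# Constructed sample inventory (not real devices).
SAMPLE_APS = [
    {"name": "lobby-ap", "ssid": "linksys", "mgmt_ip": "192.168.1.1",
     "admin_password_changed": False, "tx_power_mw": 30, "max_tx_power_mw": 30,
     "encryption": "none", "mac_filter": False},
    {"name": "office-ap", "ssid": "pl-4f-east", "mgmt_ip": "10.20.4.7",
     "admin_password_changed": True, "tx_power_mw": 10, "max_tx_power_mw": 30,
     "encryption": "WPA", "mac_filter": True},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_APS).items():
        print(name, findings)
```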
A small amount of time and effort securing your wireless network devices can have huge payoffs. Information – whether it’s personal or business-related – is way too easy to capture out of thin air otherwise. Given the risks involved and how simple it is to put these measures into action, there’s simply no excuse not to. In a future article, I’ll talk about some must-have wireless security testing tools (both free and low-cost) you can use to ensure your airwaves are secure once you set up your wireless network.
Kevin Beaver Principle Logic
kbeaver@principlelogic.com