Saturday 28 February 2009

Getting rid of the defaults

It’s incredibly common to go to a Web site like Netstumbler.com, look at the
results of someone’s Wi-Fi reconnoitering trip around their neighborhood, and
see dozens of access points with the same exact Service Set Identifier (SSID,
or network name; see Chapter 2). And it’s usually Linksys because Linksys is
the most popular vendor out there. Many folks bring home an access point,
plug it in, turn it on, and then do nothing. They leave everything as it was set
up from the factory. They don’t change any of the default settings.

Well, if you want people to be able to find your access point, there’s
nothing better (short of a sign on the front door; check out our discussion of
warchalking — the practice of leaving marks on sidewalks to point out open
APs — in Chapter 16) than leaving your default SSID broadcasting out there
for the world to see. In some cities, you could probably drive all the way
across town with a laptop set to Linksys as an SSID and stay connected the
entire time. (We don’t mean to just pick on Linksys here. You could probably
do the same thing with an SSID set to default, D-Link’s default, or any of the
top vendors’ default settings.)

When you begin your security crusade, the first thing that you should do is
to change all the defaults on your access point. At a minimum, you should
change the following:

- Your default SSID
- Your default administrative password

You want to change this password because if you don’t, someone who gains
access to your network can guess at your password and end up changing all
the settings in your access point without you knowing. Heck, if they wanted
to teach you a security lesson — the tough love approach, we guess — they
could even block you out of the network until you reset the access point.
These default passwords are well known and well publicized. Just look on the
Web page of your vendor, and we bet that you’ll find a copy of the user’s
guide for your access point available for download. Anyone who wants to
know them does know them.

When you change the default SSID on your access point to one of your own
making, you’ll also need to change the SSID setting of any computers (or
other devices) that you want to connect to your LAN. To do this, follow the
steps that we discuss in this part’s earlier chapters.

This tip really falls under the category of Internet security (rather than airlink
security), but here goes: Make sure that you turn off the Allow/Enable Remote
Management function (it might not be called this exactly but something like
that). This function is designed to allow people to connect to your access point
over the Internet (if they know your IP address) and do any or all the configuration
stuff from a distant location. If you need this turned on (perhaps you have
a home office, and your IT gal wants to be able to configure your access point
remotely), you’ll know it. Otherwise, it’s just a security flaw waiting to happen,
particularly if you haven’t changed your default password. Luckily, most access
points have this set to Off by default, but take the time to make sure that
yours does.
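
The checklist above (default SSID, default administrative password, remote management) can be run as an audit over an access point's exported settings. This is an added example, not from the original text or any vendor's tool; the key = value export format and its key names are hypothetical, and the sample is constructed.

```python
# Added example: audit a hypothetical key=value settings export from an AP.
# The two default SSIDs are the ones named in the text (Linksys, D-Link).
DEFAULT_SSIDS = {"linksys", "default"}
TRUE_WORDS = {"1", "on", "yes", "true", "enabled"}

# Constructed sample, not taken from a real device.
SAMPLE_EXPORT = """\
# factory-fresh access point
ssid = Linksys
admin_password_changed = no
remote_management = on
"""

def parse_export(text):
    """Parse 'key = value' lines; skip blanks and lines starting with '#'."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def flag(settings, key, if_missing):
    """Read a boolean setting; a missing key takes the unsafe assumption."""
    if key not in settings:
        return if_missing
    return settings[key].lower() in TRUE_WORDS

def audit(settings):
    """Return (severity, message) findings for the defaults the text lists."""
    findings = []
    ssid = settings.get("ssid", "")
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append(("warn", f"SSID {ssid!r} is a factory default"))
    pw_changed = flag(settings, "admin_password_changed", if_missing=False)
    if not pw_changed:
        findings.append(("warn", "administrative password not changed"))
    if flag(settings, "remote_management", if_missing=True):
        # Remote management plus a default password is the worst case.
        sev = "warn" if pw_changed else "critical"
        findings.append((sev, "remote management is enabled"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_export(SAMPLE_EXPORT)):
        print(f"{severity.upper():8} {message}")
```

A setting missing from the export is treated as unsafe, so an incomplete export still produces findings instead of a clean result.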

Wireless Home Networking Part 2 © 2008.