CompTIA®A+ Practical Exam Notes : Securing Wireless And Wired Network

3. Computer Security

3.4 Securing wireless and wired network

Enable MAC Filtering: MAC limiting the MAC addresses that can access the wireless network, you can prevent unauthorized computers from accessing your wireless network. Note that each MAC address is unique, and hence MAC address filtering can effectively prevent unauthorized computer access. By using MAC filtering, you can allow or disallow certain MAC addresses only. Note that even if the SSID broadcast is turned off, it is possible to access the wireless network if the intruder some how knows the network name.

MAC Filtering (or layer 2 address filtering): MAC filtering refers to a security access control method whereby the 48-bit address (also called MAC address) assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. To limit the number of computers to a known few, configuring MAC filtering is a very good option. This is configured on the wireless router and not on the client computers. Any wireless network, SSID needs to be configured on the wireless router. Note that if the router broadcasts SSID, then the clients will automatically learn about the wireless network. If the SSID broadcast is disabled on the router, you need to configure the clients with proper SSID (same as that of the router SSID).

Changing default SSID: SSID, short for service set identifier, a unique identifier attached to the header of packets sent over a WLAN. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. You can hide the SSID so that it is not broadcast over the wireless network. For encryption, enable WPA2 (or the older versions like WPA). This would provide basic protection for the wireless network. Remember to use difficult to guess password for WPA2.

Installing an authentication server or an external Firewall incurs additional costs, and not a best solution. By default, SSID is broadcast by a wireless access point. By disabling SSID broadcast, the wireless network existance may be hidden. However, if SSID broadcast is disabled, one needs to pre-configure the SSID on a client workstation manually. Otherwise, it wouldn't be possible to communicate in the wireless network.

Note that WPA2 is an encryption standard, and client workstations will still be able to see SSID even if the WPA2 and Mac filtering are enabled. (MAC filtering is another security precaution, which enables (or disables) listed MAC addresses in the internal MAC filter table of WAP. You need to manually enter the MAC addresses for this purpose. SSID needs to be configured on the laptop for connecting to the Access Point. The DHCP server typically supplies IP address, DNS server information, and subnet mask.

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

Enabling SSID broadcast will only annount the network to neighborhood devices, thus lessening the security of the network.

WPA, short for Wi-Fi Protected Access, is a Wi-Fi standard that was designed to improve upon the security features of WEP (Wired Equivalent Privacy). The technology is designed to work with existing Wi-Fi products that have been enabled with WEP.

It is possible that several networks are operating at the same frequencies. It is recommended that you change the WI-FI channel and see if it solves the problem.


Note that for WPA encryption, you need to configure it on the wireless router and on all the workstations. To enable MAC filtering, you need to gather the MAC addresses of all client computers, and feed it into the wireless router.

To secure the wireless router for home use from unauthorized access you need to change the default login/password on a router soon after the router is installed. Secondly, ensure to set encryption such as WPA2 so that only authorized users will be able to access the wireless network.

The specifications for various 802.11 standards is as given in table 1:

802.11 IEEE standards

As can be seen in the table, 802.11ac works at 5 GHz, and supports bandwidth up to 6.93Gbits/sec.


Note: MIMO (multiple input, multiple output) is an antenna technology for wireless communications in which multiple antennas are used at both the source (transmitter) and the destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. MIMO is one of several forms of smart antenna technology, the others being MISO (multiple input, single output) and SIMO (single input, multiple output).

Parental Control: The parental controls built into Windows 7/8/10 help parents determine which games their children can play, which programs they can use, and which websites they can visit, and when. Parents can restrict computer use to specific times and trust that Windows OS will enforce those restrictions, even when they're away from home.

Content filtering: To set the content filtering on the Android phone , go to apps > menu key. Choose 'Settings' and then "Parental Controls" then choose appropriately from 'Set Content Restrictions'. You can now choose which apps are allowed on your phone.

QoS stands for quality of service. In SOHO environment, QoS is normally set at router level. If you want to enforce QoS policies in your network, make sure you use a router, which is equipped with QoS software.

Port Forwarding: The computers on the network have been configured to use DHCP and private IP addresses. Therefore, you need to set up port forwarding to access the host computer running RDP. Remember, RDP uses port 3389 by default.

Locking Android phone: Locking your Android smartphone with a password, PIN or unlock pattern is your first defense against those who would use it for malicious purposes like stealing your info or sending joke texts to your friends and family.

To setup, go to Settings / Security / Set up screen lock, and choose to enter a pattern, or a password or a PIN. If you are looking for fast and easy way to unlock your smart phone, choose "Pattern".

Previous   Contents   Next