Wireless Security: How much is enough?

The first couple of wireless routers I set up for my home and office networks, several years ago, came wide open: that is, they were preset at the factory to a common SSID with broadcast enabled, no encryption, and no MAC authentication. The point was that they’d work out of the box for a non-technical user.

That might be fine if you want your neighbors and any passers-by to be able to use your Internet connection, as long as you have all the computers on your network secured, and you don’t care about the legal consequences of others doing things on the Internet that could only be traced back to your router. It’s not really fine, though, because the courts have not been kind to the owners of open wireless routers that have been used for illegal purposes, such as transmitting child pornography.

I initially set my own routers to use WEP encryption with a pre-shared pass phrase, which was the best they could do; later, after applying patches to the routers’s firmware, I switched them to the more secure WPA encryption scheme with a pre-shared pass phrase, since by then WEP had been cracked. If I had a bigger network, I would have used 802.1x authentication instead of a pre-shared key.

Recently, Verizon upgraded my home wireless router to an Actiontec MI424WR. I was pleased to note that it came preconfigured to have some security: it came with WEP encryption turned on, and the preconfigured randomized SSID and WEP key printed on a label underneath the router. It also came pre-configured for medium firewall security.

Of course, I reconfigured the router to use my usual WPA encryption scheme with a pre-shared pass phrase. I also changed the supplied random SSID to my own SSID, so that computers I had already authorized to use my home network would still have access.

Should I be limiting access to specific MAC addresses? Should I turn off SSID broadcasting? Are there other measures that make practical sense? Or have I already done enough to secure my wireless networks?