Securing your wireless is as important as securing your house by locking your doors and closing windows. There are many ways how intruders and hackers can access your network, but there are also many efficient ways to prevent them. For an average home user securing the wireless network can be a frustrating experience.
Following 10 steps should make this process a bit easier.
1) Change Your Router’s Default Password
This is the first brick in your defense wall. Many users often forget to change default password, putting themselves into risk of being hacked. Also, majority of computer users choose passwords easy to remember, which can be dangerous too. It’s been suggested that you should change your router password immediately after the login. Create a strong password with a mix of upper and lowercase letters and numbers, as well as symbolic characters. Password length should be between 8 and 15 characters, or longer in length, and should not be familiar word obvious to you (such as kids or wife name, birthdays, nicknames, etc). If your wireless router requires a username, it's a good idea to change it to another name other than the default name.
2) Upgrade Your WiFi Encryption
Side by side with changing the default router password is using encryption, which encodes the data transmitted between your PC and your wireless router. Most routers ship with encryption turned off, and many users don't know how to turn it on, leaving themselves completely exposed to hackers.
Go with WPA or WPA2 when possible, since WEP is relatively easy to be cracked. The keys used by WPA and WPA2 change dynamically, which make them harder to hack.
If your hardware does not support WPA2, use WPA. Creating a strong shared key (PSK) will lessen the chance of attackers successfully breaking into your network. If you have older router that supports WEP only, and you’re concerned about security, you'll be safer if you use 128-bit WEP keys. You may also consider upgrading to a new router along with your PC NIC cards.
3) Change Default SSID Broadcast on your Wireless Router
Usually, manufacturers assign identical SSID sets to their devices, and probably 80 percent of WiFi home users leave their system on the default setting and with the default name. Leaving your network SSID on default can be strong signal to hackers that you didn’t perform necessary steps to protect your network.
Change the SSID name to something other than the default immediately when you configure your LAN. This may not completely offer any protection as to who gains access to your network, but configuring your SSID to something personal, i.e. Chuck Norris Network may discourage hackers from targeting you and also differentiate your network from other “Defaults”.
4) Use MAC Addressing Filter on Your Wireless Router
If you already had an experience with unsecured networks, be sure that at least one of your neighbors used it to connect to the Internet. In order to check who has been using your network, you'll have to check the MAC address. Many routers allow you to restrict access to known MAC (Media Access Control) addresses. Each network device, such as computer network cards, has unique MAC address. By allowing access only to predefined MAC addresses you can reduce the risk of rogue users and neighbors connecting to your home network.
Be aware that this feature is not as powerful as it may seem. While it will stop your neighbor with average knowledge or some amateur hacker, professional hackers will use advanced software programs to fake MAC addresses.
5) Change the Default Router IP Address Setting
Router manufacturers set every router with certain IP address. For example, Linksys routers are usually configured with an IP address of 192.168.1.1.
These address settings are well known and published, and can be easily discover by hackers if they find out the router manufacturer and type.
Changing the IP address during the setup process to something different than default will not secure the router, but will make any hackers guessing for the IP address. Changing this setting will automatically change the DHCP IP addresses handed out by your router to PCs with an access to your network.
6) Use a Firewall
Two important security layers are router firewall and your individual PC's firewall. Make sure to use them both. Router firewalls come with related built in security featured which block anonymous internet requests or pings. This will help hide your presence to the internet, and thus help protect your network, making harder for hackers to infiltrate what they can't find.
Also, it’s recommended that HTTPS is enabled for connecting to the router administration setup over your local network. Disable remote access over the Internet setting as well. If you have to use it, enable it only when needed and change the default management port setting to something other than 8080.
7) Enable and Monitor Your Wireless Access Logs
Check your logs frequently for rogue access or clients attached to the network. If you spot unknown clients connected to your network, change your WEP or WPA code immediately.
Additionally, check the status screen that shows the MAC addresses of all clients currently connected to the network, and verify if they are known devices.
8) Position the Wireless Router Correctly
WiFi signals usually don't know where your house ends and your neighbor's begins. This signal leakage gives hackers and neighbors the opportunity to find your wireless network and access it. The further your signal reaches out of your house, the easier it is for others to detect and exploit.
Make sure to position the router or access point in the center of the home rather than near windows or doors. Signal sometimes cannot pass through certain materials, so you should take that into consideration when installing the network. Mounting your WiFi in a closet may be a good idea in order to reduce signal strength.
9) Stop Publicly Broadcasting your Network
Renaming your network is a good idea, but wouldn’t it be even better if hackers didn't know you had a WiFi setup at all? By default, your access point or router is programmed to broadcast the network name (SSID) over the air at regular intervals. While broadcasting is essential for businesses or mobile, it’s not needed at home, so you can turn it off.
Depending on your router model, you have to check the manual for your hardware for specific instructions on how to disable broadcasting for your router.
10) Turn off Your Wireless Router When Not in Use
When your router is powered off, your network cannot be compromised. Consider doing this when you go on vacation or if you won’t use you network for extended periods of time.
It’s inconvenient, but shutting down the network is effective security measure that can protect your network when you are not around to protect it from hackers.
Also, when using your laptop in public places, always turn your WiFi radio off when you're not at a hotspot. Hackers can use it to create peer-to-peer Wi-Fi connections with your computer and access it directly.
Bonus Tips
Change your router password occasionally. Also change your PSK several times a year. Limit the maximum number of DHCP users allowed on your network to just number of PC's in your house.
All mentioned should help you in managing your home wireless network safe and secure.
