Secure your WiFi network
Login | Register RSS
01/09/2012 - WiFi 

Secure your WiFi network

WiFi is great when it works, offers you greater flexibility & removes the need of wires getting in the way.  I find it especially useful, when wireless bridges can be used to connect 2 or more physical networks together, in places where running wires is not possible.  But remember that WiFi signals can be intercepted & those connections can be cracked.  Your network is only as secure as the weakest link (whether it be hardware, software or user related).  WiFi is not fool-proof & is not guaranteed to be secure.  However there are several things you can do to better secure your wireless network.

  • Update your wifi router/access point's firmware

    Check for firmware updates for your network hardware several times a year.  Keeping your hardware's firmware up to date, will close known security holes, add stability to your hardware & may even provide you new features/abilities. 

  • Do not use the default router settings

    You should go through all of the settings of your networking hardware & disable anything that is not needed or does not add extra security to your network.  Most home/SOHO networking equipment only apply basic security settings.  Usually they also enable many extra features, simply for ease of use, but at the expense of true security.

  • Change the default admin password

    It's amazing how many times I find the default login passwords still being used.  Default hardware passwords are all publicly available online.  Its usually "admin' as the username & a very common password (such as "admin", "manager", "12345", "password" or something very similar).  So if you don't want anyone easily jacking your hardware, change the default login password to something else (something with letters, numbers & if possible punctuation is best).

  • Disable remote admin access

    On the same lines as changing a default password, many network devices default enable remote administration access, so techs can remotely administrate the hardware from the internet.  By disabling the remote login abilities of your network hardware, you remove the ability for others to easily change the network hardware settings, without actually having physical access or without already being inside your network.  This reduces the surface area in which can be attacked.

  • Change your wifi network SSID (i.e the wifi network name)

    You should change the network name to something you will know, but others will not easily know.  This will go hand in hand with my next recommendation.

  • Hide your network SSID

    If you rename your network SSID & then prevent your wifi router/access point from announcing it to the public, a user will need to pre-know your network SSID name in order to configure it within their PC/device's wifi  network settings

  • Use WPA2 encryption, with a password

    Even though every WiFi encryption type has already been cracked in some manner, WPA2 is still the strongest layer of encryption offered.  This means it will take much longer to crack a WPA2 encrypted wifi network, then those using WPA or WEP encryption.  And my adding a password to it, that is just one more thing for someone needs to know before they can access your wifi network.

  • Disable WPS (Wi-Fi Protected Setup)

    WPS is a feature that exists on many wifi routers/access points, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Newer more efficient ways to crack wifi networks exploit a flaw in these PINs; the result is that, with enough time, a hacker can quickly reveal your WPA or WPA2 password.

  • Enable MAC address filtering

    Each wifi network card or wireless device has a unique MAC address assigned to that hardware.  You can limit which devices can connect to your wireless network, even if a rogue user has all of your other  wireless network settings & password.  Simply register all of your wireless device's MAC addresses in your router & then set the router the limit wireless access to only those MAC addresses.  This way, unless you have explicitly allowed them.

Its the combination of these things together, which makes your wifi just about as secure & protected it can be; without resorting to industrial level hardware & security.

Please refer to the manual for your wireless router/access point, contact your network administrator or PC tech for additional assistance on how to setup these things, if you do not know how.

While you are in the router, you may also want to consider these things,m which can simply improve your router

  • Consider installing an open-source router firmware (such as DD-WRT) to your wifi router/access point to further extend the abilities of your router or to fix security issues in the manufacture supplied firmware (especially with hardware which is no longer being updated/supported by the manufacture)

  • Disable wifi network types which you are not actually using (for example if your wifi router supports B, G & N wifi, but you only have G & N wireless devices, you can disable support for B devices) which will keep your wifi connection from stepping down to a slower speed to work with slower wifi devices in the area (if  you are not personally using slower speed device on your wifi network).

  • Lastly to increase wifi signal strength & reduce interference, you should either setup your router to auto-select the wireless channel for you or manually set the channel which has no other wifi networks on it or the channel with the the fewest/weakest signals.

Again please refer to the manual for your wireless router/access point, contact your network administrator or PC tech for additional assistance on how to setup these things, if you do not know how.


If you like this site or any of its content, please help promote it. Use the social media buttons below to help spread the word. Don't forget to post in the comments section.

  Print   Email