This is a magical era. All of us have Super-Computers in our pocket and instant wireless access to the Internet with the flick of a finger. Modern WiFi routers give us nearly 1Giga-byte of data transfer speeds in our home. Movie Streaming and Gaming have never been better! Now let’s take a moment to consider something…did you rush installing that network to make the kids happy? Or did you methodically secure it to keep out bad actors?
Sad truth is home WiFi networks are a target of criminally minded people. An insecure WiFi router is an entry point to your network and can be easily hacked. They could spy on you, steal passwords, download illegal child pornography, send threating emails to public officials and more. The consequences to you could include visits from the police since that activity is coming from your network router. Yikes!
Here are eight easy to implement tips to ensure your WiFi network is secure. Making all or even few of these changes can increase your security posture and protect your family. (note: there are many routers and many different ways to do these steps, consult the documentation that came with the router to enable these features)
Be Strong, Change the defaults
All WiFi routers have an administrative web page that allow you configure the router, enter account information and other things. Cable/Fiber providers that provide a WiFi router may have preconfigured it for you. Trouble is, they all share the same default Administrator username and password. And these defaults are well known and easily found on the Internet. So if you do not do anything else, make sure to change these defaults first.
Follow your device’s instructions to access the router using the default username/password provided to you. Within the configuration settings of your router change the default Admin name and password. The username “admin” is almost universal and makes it easier for a hacker to brute force various passwords. Choose and admin name it is easy to remember (and write it down).
Choose a strong password and replace the default password. The password should be about 12 characters long, does not show up in a dictionary, is a mix of letters and numbers, and does not use sequential keys. This makes it more difficult for a hacker to guess or write a program to find your password. “password1234” is a weak password while “P@$$word1@3$” is stronger. (and don’t forget to write it down)
And read our article about two-factor-authentication to secure your personal Internet accounts.
Be Stealthy, Hide Your Network
Wireless access points broadcast the network name to make it easy for users to find the network and connect to it. Called the Service Set Identifier (SSID), typically defaults to the manufacturer’s name or derived from a unique code from the manufacturer. This makes it easier for a hacker to drive through the neighborhood, locate your network, and formulate an attack. How many routers in your area are named “linksys” or “xfinity?”
When you setup your router, change the default SSID. Do not use your name, address, or personal information in the SSID. Use an SSID that has a combination of letters and numbers that you can remember. (something like mySS1D2017)
Next, disable the SSID broadcast. This setting prevents the SSID from showing up in the list of available networks. This is not a foolproof but stops the casual hacker from quickly seeing and knowing there is a network there to hack.
Be Smart, Use Encryption
Modern WiFi routers have built in wireless encryption to prevent hackers from simply “sniffing” your Internet packets in the air and reading it. Ensure that your router has the WPA or WPA2 encryption protocols enabled. If WEP is enabled, turn it off and turn on the better-implemented protocols WPA or WPA2. (read more about wireless encryption from How-To Geek)
Be Stingy, Filter Devices
This is an advanced tip to implement and may take some time. Each network-enabled device has a unique identifier tied to the network interface call the Media Access Control (MAC) address. Your WiFi router tracks devices with approved access by the MAC address. MAC addresses are a hexadecimal number that looks like: F0-1F-2F-2A-7B-A4 and is found in the device’s network settings.
Within your router’s settings is an option to restrict access by MAC address. This is an all or nothing option. When enabled, you manually enter the MAC address of every item on your network. If you add additional devices (such as a guest) you must again update this list. The concept is simple and prevents un-authorized users from even connecting to your router to attempt to gain access. A determined hacker can still fake his or her own MAC address to gain access.
Be Secure, Enable your firewalls
Your router should have a built in network firewall. Network Firewalls are software that filter incoming and outgoing Internet Packets and either rejects or accepts it based on a set of rules. Rules prevent malicious applications access to your network or allow services like Voice over IP into your network. If you router does not have a firewall, pack it up and take it back to the store for a refund and buy a better router. Make sure that your router’s firewall is enabled. In some circumstances, you will need to write your own firewall rules (a topic for another blog post).
You also need to consider a second layer of security buy installing a software firewall on your primary household computers. This “multi-layered” defense and can protect your data in the event a hacker does manage to into your network. McAfee and Symantec both have excellent home based firewalls available.
Be Clever, Change the IP Addresses
This too is an advanced tip. While we live in a magical age, we have also used tech to make us lazy. Years ago, each device on a network had an assigned an IP address and then manually configured to access the internet. Not anymore. Now our routers have DHCP (Dynamic Host Configuration Protocol) built in and assign an IP address and configure our device when we access the network. Great! Easy! Bad news, though, the bad people get the same service and auto configuration when they access your network. Boo!
You can (if you know what you are doing, if not you will break your network) disable the DHCP server and tell it to use a set of fixed private IP addresses instead. In the settings disable DHCP and define a range to use. Then manually configure each device with the IP address, gateways, DNS servers, and other settings. You may want to write these down since no two devices can operate on the same IP address. This is difficult to manage in today’s Smart Home environment but makes it much harder for someone to get into the network.
Be Current, Update Firmware
You update your Samsung phone each time a new Andriod version comes out. Right? When was the last time you updated your router? Manufactures routinely update firmware for their router to add features that improve the cyber security posture of the device. Make sure you have enabled the auto-update feature and periodically do a manual update of the router’s firmware. Hackers generally know older vulnerabilities and will attack those first. Staying up to date is a great way to stay ahead of them.
Be Green, Shut it down
Traveling? Going to bed? If your WiFi router is on, it is vulnerable to attack. If you are traveling or gone for an extended period why not shut it down? Uses less electricity and if there is nothing to attack then you are pretty darn safe!
Did you find a useful tip to secure your network? Is there tip that you would like to share? Please use the comments section below to share your tip.