Hardening your wireless network is always a good idea. It stops others from ‘leeching’ your Wi-Fi and also deters potential hackers. It’s also straightforward, doesn’t require technical knowledge and can be done in minutes. Read on for a few tips.
A few years back when companies began using wireless networks to connect to the internet rather than having cables snaking all over the floor, security consultants used to make a bit of a play. They’d drive through a commercial area, flip open a laptop and see what wireless networks were available. Invariably, most of the networks they identified didn’t have any security, so they could simply log onto anyone they chose to.
This still happens and is known as Wi-Fi leeching. But thankfully, most people today know that at a minimum they need a log-on password to protect their Wi-Fi network from other people using it. At the same time many of the consultants could quickly discover whether data sent over the network was encrypted and if it wasn’t, it would only required a few small steps to access this data.
Today routers encrypt data transmissions automatically. But any data sent over a wireless signal is always going to be potentially vulnerable to determined hackers. But you can protect yourself from this and ‘harden’ your Wi-Fi security with a few simple tweaks. Below are a series of tips that will toughen up your wireless setting and deter most Wi-Fi leeches and potential hackers.
Router management software
The first thing that needs to be done is to access your router management software. If you look underneath of the router, you’ll find an address which will be something like this: https://192.168.1.1. Enter this into your browser and you’ll be presented with a website that requests your user name and password for the router. These two will be on the browser and are typically something like ‘admin’ and a password like ‘ycbte7’. Please note, the password isn’t the same one that you use to access your wireless network when setting up a new device.
Once you’re into the router you’ll see information that tells you about the router such as downstream and upstream data transfer rates, IP addresses for different devices and encryption protocols. There will often be a ‘basic’ view and an ‘advanced’ view. The basic view provides the information while the advanced view lets you make changes. In the advanced view you’ll also see a list of other headings such as firewall, QoS and Wireless Settings. It’s a good idea to familiarise yourself with the interface but being careful not to make any inadvertent changes to the settings.
Most routers these days come with WPA2 encryption protocols. This is one of the strongest levels of encryption and if your router offers a choice between WPA or WPA2, choose WPA2 by ticking the box. This may already be set by default. It’s generally old routers that only offer WPA encryption.
Changing default passwords
Routers usually come with preconfigured default passwords for the both the router management software such as ‘admin’ and ‘ychtk7’ and for the SSID. SSID is simply the technical term for a network name. When you set up a wireless home network, you give it a name to distinguish it from other networks in your neighbourhood. This is the SSID. Changing the admin password, is usually found in the ‘System’ or ‘Administration’ areas of the router management software interface. Changing the SSID's passphrase is typically under ‘Wireless Settings.’
Your router is likely to come with a preconfigured SSID which you sometimes receive separately to the router hardware. If the SSID includes the name of the router maker or offers some clues as to who is supplying the router, you’ll need to change it because this offers clues to potential hackers. Someone who is determined could gain access to an unsecured network, and with a quick web search, discover the default password to the admin account just by knowing the type of router. As such you need to give your network a name that does not reveal the make or model of your router.
Most routers have a device list that shows the wired and wireless clients currently connected to the internet and how they are connecting, for instance via a LAN if you are connected via a cable or wireless via wireless. If you look through the router interface you’ll see all the devices that connect to the wireless network. This could include a desktop PC alongside smartphones and tablets. This is useful to know. If somebody is accessing your wireless network without you knowing about it, this device list will reveal it
The device list will also reveal a MAC address associated with each device. Each device you own comes with a unique media access control address (MAC address) that identifies it on a network. With MAC address filtering a router will compare a device’s MAC address against an approved list of MAC addresses and only allow a device onto the Wi-Fi network if its MAC address has been specifically approved. With the router management software you should be able to create a filter based on MAC addresses.
Creating a filter by MAC address allows you to grant or deny access to your wireless network based on the device being connected. To toughen your security you can grant access to only the MAC addresses of your devices. You have to enter the MAC address manually but these are in the device list, making the task straightforward.
Routers are basically little computers. By default, they run a manufacture-provided operating system, or firmware, to route network traffic and provide you with various settings and features. Every now and then router vendors will create and post new firmware for their products which can sometimes patch security holes too. But you’ve got to check their websites for this information. If you’ve got a relatively new router you can often update the firmware from the router’s software interface.
Hiding the name of your wireless network (the SSID) essentially stops the SSID from broadcasting its presence. You’ll notice that when you log a new device onto your wireless network other networks in the locality will appear on a list. If you hide the SSID by using the router management software your Wi-Fi network name won’t appear on these public lists. However, it does mean you will have to manually type in the name when you want to connect a device. Hiding the SSID isn’t a security measure as such but it will stop Wi-Fi leeching of your network.
Toughening the security on your router is always a good idea. You don’t have to follow all of the points above but even changing the default passwords would be enough to give you an extra layer of security. However, it’s worth having a look at the interface for the router management software, if only to give you an idea of the tweaks you can make and to familiarise yourself with your router, after all it is the gateway to the internet and also a front door to your computer.