There is a real reason why wireless security is such an important topic these days… The allure of a wireless (WiFi) network is pretty strong. After all, the ability to wander the house with a laptop while reading CNN, watching Netflix, or reading the online version of your local paper is pretty neat. However, there is a downside because wireless networking also opens up your network to anyone nearby with a compatible WiFi adapter.
A network intruder may not even be aware they are using your network… a neighbor, for instance, may have just brought home a new laptop computer and accidentally connected to the internet through your network. Or perhaps you have a friend staying with you for the weekend who does not know much about computers and inadvertantly connects to your network for a week, and his browsing violates your wireless security by allowing a virus to take hold on your system. Or, more melovently, a hacker has been driving around the neighbor sniffing for a holes in residential networks, parks in front of your home, gains access to your network and plants malware, virus, spyware, or remote control software. This happens more often than you could imagine because these crooks know that most people rush through the process of setting up their wireless access point and do not take the time to evaluate the options for wireless security.
Your wireless security can be improved by implementing the following simple safeguards:
- Change the default administrator name and password on your wireless access point. Your wireless access point came with some default settings that allows you to configure the device. Most people do not take the time to change these, so anyone within range of your wireless router can access it and make changes to suit their needs… including locking you out of your own system. It’s a simple matter to change the default settings. Be sure to record the new administrator name and password someplace safe.
- Change the IP address of your wireless access point. These devices typically come with the IP set to a default value of 192.168.1.1. Everyone knows this, and that makes it easier for a hacker to target your define and try to break in. You should consider changing the IP address to something else within 192.168.x.x so hackers don’t have it so easy. Write it down in a safe spot if you do this.
- Turn off wireless access to the administration area of your wireless access point. Many wireless routers come from the factory with the ability to connect to them wirelessly and gain access to their management and configuration utilities. This is a dangerous threat to your wireless security! Anyone familiar with your type of wireless router could hack their way in and lock you! Every manufacturer calls this something different: Linksys calls it “Wireless Access Web” and there is an option to disable it in the administrative screens. When you disable this, you’ll have to have a wired connection to the device to access the administrative screens.
- Turn off Remote Management. Many wireless routers come with the ability to access their management and administrative screens by connecting through the internet. To do this requires the ability for the router to be exposed via the internet. This is problematic because anybody that knows the router IP address and login name and password can gain access. But sometimes it happens due to quirk in your network topology. In anycase, you can lock this down by disable remote router access. Again, it’s just another layer of protection to make sure unfriendly people don’t gain access to your home network.
- Turn off UPnP. This is one of those convenience functions that brings with in dangerous exposure… UPnP stands for “universal plug and play” and allows devices on your network (including wireless devices) to automatically gain access to your wireless access point and configure it. Sounds great because it saves you some steps. Wrong. It allows unscrupulous hackers to gain access to your device and do whatever they want with it. Turn this feature OFF because it is a huge hole in your wireless security. If you ever do get into a situation where a device or software you are installing on your home network needs UPnP on your router to work, than turn it on only for the time you are installing the item, and turn it off after the installation succeeded.
- Turn on WPA / WEP encryption on your wireless access point.These are encryption standards which require wireless devices trying to connect to your wireless access point to be running the same type of encryption so that hackers cannot sniff the signal from the air and read your network traffic. Your router and the connecting device both need to know a specific key or password prior to being allowed to connect. This cuts down on people trying to hack into your system. It is very important to enable this to ensure wireless security!
- Change the default SSID. This is the “Service Set Identifier” and is the name given to your wireless network. When you try to connect your access point with a laptop computer, for instance, your laptop will find the router and list it using this name. Linksys routers are all shipped with the SSID set to “Linksys” and that would be what you see when you connect. Change this to “grumpy family network” or something like that. This is not a huge security threat, but hackers look for the default settings and assume that if they have not been changed, the device is worthy of further hacking because other security measures may not have been set.
- Disable SSID broadcast. Broadcasting the network name is useful because new computers can list the network easily when they find it. This feature was really designed for mobile users that wander in and out of hotels, coffee shops, libraries, and different corporate networks often and need to easily find the name of the network to connect too. If you don’t have many guests that would connect via WiFi, than this feature is not as useful and allows people outside your home to easily find your network. Turn it off to reduce the ability for a hacker to locate your wireless access point.
- Enable MAC address filtering. Every device on the network has a unique identifying number associated with it’s physical address that is different than the IP address which is a changeable virtual address. Turning on MAC address filtering tells your router to only allow access to the devices you list in a table, and provides a huge increase in your wireless security. This will make it very difficult for anyone on a computer that you have not previously authorized to gain access to your network…. even guests that come to visit. This is very powerful, but not infallable. Read your documentation closely so you understand the implications.
- Enable firewalls on each computer and the wireless access points. All modern wireless access points include a firewall. Make sure it is turned on, and consider enabling the windows firewall to each of your wireless computers as well.
Ok, ok… I know this is a lengthy list. It’s really not difficult to do if you take them one item at a time. Implementing these safety measures will go a long way towards increasing your wireless security. The most time consuming part of this is probably just finding the right areas of the documentation for your specific device. But, don’t hesitate! Do it soon to increase the security of your WiFi setup.