To keep people out of your home or business’s wireless network, use these steps to tighten up security and protect yourself.
When that new router comes into the house from the local cable company or whatever telecom you use, it’s too easy just to plug it in, connect up, and start playing the latest version of Fortnite or getting ready for a night of Netflix and chilling - only you really intend to watch Netflix and eat some ice cream, not the other kind of “Netflix and chill”.
But just plugging in that router without taking steps to protect yourself is like buying a new house and moving in without changing the locks and leaving the front door open. Or perhaps a better analogy is a car. There’s an old saying that if someone really wants to steal your car, the point isn’t trying to stop them, but making things so difficult and annoying for them that they move on to an easier target.
These are 6 things that can be done to make sure that your WiFi network is safe, secure, and still works well enough for those late night PlayerUnknown’s Battlegrounds sessions. Let’s go over how to secure your WiFi so you can use the Internet with a little more peace of mind.
If you’re wondering “How to Secure My WiFi”, start here: don’t use the default password. Too often the default password is “000” or “password” or, in the case of routers, it’s the serial number, which is on the side of the router. This means anyone who has seen the router or taken a picture of it could figure out what the administrative password is, and use that to reconfigure the router to steal information from you.
So the first thing to do when looking to secure a WiFi router:
That’s the first step to securing your WiFi network. But it’s not the last.
The SSID is the identity for your secure WiFi network. It’s the name people use to find and connect to the network, and what sets it apart from others. It’s also set by default by your router, usually to some combination of its serial number like “F27N37552” or, even worse, to something that identifies what kind of router it is, like “NetGear001”, or the provider, like “VerizonBox”.
All of these are bad for different reasons. An SSID that tells the user what kind of network or router is being used makes it easier for hackers to figure out the best way to attack your network.
Stop them by changing the SSID.
Some routers even let you specify multiple networks (more on that in a moment).
Check your manual, but the typical steps are:
Save those settings. The WiFi network will still work; it just won’t tell everyone about it. While you’re at it, make sure that the Pre-Shared Key is something unique. Don’t stick with “password” or “mine” or your date of birth. A few words that are easy to remember but unique to you are best.
Now we’re hidden and people just can’t get in without permission. But there’s still more.
Most modern routers automatically turn on encryption by default. But — are you sure it’s enabled? Don’t assume it is — check it. It should be at least set to WPA2 — this uses an encryption algorithm called AES. Don’t worry about what that all means — it’s like a series of locks. Under the old system WEP, someone could just keep trying keys until it unlocked the door into your network. Under WPA2, there are millions of keys that have to be tried before there’s even a chance to get in.
The steps for turning this on for your WiFi network will differ with each device, but just like Step 3, take a look at your WiFi network:
Some routers support an encryption protocol WPA2-AES/TKIP. This is in the event that your system supports WPA2, but not WPA2-AES. This should only be used if you have some older devices around.
Supporting encryption will help keep people from listening in on your network when you’re doing things like banking, looking up voting information, or binge-watching the latest episodes of “Pretty Little Liars” (I’m not judging you).
Sometimes you’ll have friends or family over. And when they’re with you, they’ll ask the most dreaded question of all: “What do you think about politics?”
Then they’ll ask the second most dreaded question: “What’s your WiFi password?”
Before you start the pitchforks and torches, there is another option: create another WiFi network. Many routers support the ability to specify two networks.
A good idea is to set up a secondary WiFi network, usually called a Guest network. Just for guests. They can have the WiFi password for this network, connect in, and not have central access to the main WiFi network.
Why do it this way? It’s not that you don’t trust your family. Except maybe Aunt Edna, who you are pretty sure stole your My Little Pony DVD collection. But if they have your WiFi SSID and password and their laptop or tablet is ever compromised, that means a hacker can have them as well and get into your network.
Set up the guest WiFi account, if your router supports it. Here’s a good practice:
Setting up a guest network and allowing access only when needed cuts down on the odds of someone breaking into the network.
A firewall is a barrier that lets only the traffic it allows come in or out. Most of the time, the most effective rule for any firewall goes like this.
There are other important settings to tweak on the firewall. Another good setting, if supported by your router, is “Enable Ping Blocking.” Normally a router will respond if someone sends a “ping” to it. Sometimes a hacker will have a program that continually pings networks to see if they’re active, then starts trying to figure out what’s running on them. If your router is set to ignore ping requests, it stops people from even knowing you’re there.
Another setting is to block “fragmented packets.” A packet is a small piece of network traffic, with a header saying where the packet is going and what information it carries. It’s like a letter that computers send each other on the network. The envelope shows where the letter came from and where it’s going to, and inside the letter is the actual information.
But sometimes a hacker will send a fragmented packet. This is a packet that is formed badly on purpose to confuse the router or computers into accepting bad information that they usually would deny. It can trick the computer into granting access because the computer will do its best to guess what the fragmented traffic is trying to get to. Denying these prevents those issues in the first place:
Locking down the network with the five steps listed is a good start to good wireless network security.
Past just locking it down, you should also know what’s out there on the network and in your building. Sometimes a clever hacker can get into a business and plug a small WiFi router into the Ethernet network so they can access it from outside the building.
You’re going to want a good network analyzer to find any rogue WiFi networks in your building. Download NetSpot; the free version can show the different networks it detects. If there are networks that are coming in strong or aren’t ones you know about, it can help you find them and shut them down.
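The same rogue-network check can be scripted. The following is an added example, not part of the original article and not NetSpot's code: it compares a WiFi scan against a list of the access points you own and flags strong unknown networks, look-alikes of your SSID, and any of your own access points running without WPA2. It assumes scan output in the terse format of `nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list`; the sample scan, the `KNOWN_APS` inventory and the 70% signal threshold are constructed for illustration.

```python
import re

# Constructed sample, in the terse format printed by
#   nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list
# (nmcli escapes ':' inside a field as '\:'). All values are made up.
SAMPLE_SCAN = r"""
MapleStreet:AA\:BB\:CC\:00\:00\:01:82:WPA2
MapleStreet-Guest:AA\:BB\:CC\:00\:00\:02:80:WPA2
MapleStreet:DE\:AD\:BE\:00\:00\:09:91:WPA2
NetGear001:DE\:AD\:BE\:00\:00\:10:77:WEP
CoffeeShop:DE\:AD\:BE\:00\:00\:11:35:
"""

# Assumption: an inventory of the access points you own (BSSID -> SSID).
KNOWN_APS = {
    "AA:BB:CC:00:00:01": "MapleStreet",
    "AA:BB:CC:00:00:02": "MapleStreet-Guest",
}
STRONG_SIGNAL = 70  # percent; assumed cut-off for "probably in the building"


def parse_scan(text):
    """Yield (ssid, bssid, signal, security) tuples from nmcli terse output."""
    for line in text.strip().splitlines():
        # Split on ':' not preceded by a backslash, then undo the escaping.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 4:
            continue  # skip lines that are not scan records
        ssid, bssid, signal, security = fields
        yield ssid, bssid.upper(), int(signal), security


def audit(text, known=KNOWN_APS, strong=STRONG_SIGNAL):
    """Return (bssid, reason) findings for the scan output in `text`."""
    findings = []
    for ssid, bssid, signal, security in parse_scan(text):
        if bssid in known:
            # Your own AP: confirm encryption is at least WPA2.
            if "WPA2" not in security and "WPA3" not in security:
                findings.append((bssid, "own AP without WPA2"))
        elif ssid in known.values():
            findings.append((bssid, "unknown AP using one of your SSIDs"))
        elif signal >= strong:
            findings.append((bssid, "unknown strong network"))
    return findings


if __name__ == "__main__":
    for bssid, reason in audit(SAMPLE_SCAN):
        print(f"{bssid}: {reason}")
```

An unknown access point broadcasting your own SSID is reported regardless of signal strength, since that is what a device plugged into your Ethernet to imitate your network would look like.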
Secure your network with a bit of simple locking down of the system, and use NetSpot to find anything that doesn’t belong and turn it off so people can’t snoop on what your network is doing without your authorization. It’ll grant peace of mind and save a lot of heartache later.