How to Secure Your Home Wireless Network

Wireless networks offer users a ton of freedom in terms of flexibility, but there’s a catch. Users must protect their networks against hackers and other cyber menaces. Many assume their home router is not at risk, but with wireless networks using radio waves that can pass through walls, anyone’s network signal could go beyond their home. This means pesky neighbors, or even people just driving by, can access information off an unsecured home network. Fortunately, protecting your network from such threats is relatively easy and only takes a few steps.

Hardware

The first step is buying hardware that is right for you. Depending on your needs, a mid-level or high-end router could cost anywhere from $50 to $250. Routers aimed at consumers for home use tend to be less expensive, while still offering all the essential features like wireless encryption, a built-in firewall and a four-port Ethernet switch for wired connections. More expensive routers are usually targeted at small businesses or multimedia enthusiasts, who need extra features such as wired connections at gigabit speeds and guest network access. With plenty of choices available from manufacturers like Linksys, Netgear, and Belkin, among others, determining what kind of network user you are is important to finding the best fit.

Following the manufacturer-recommended setup is typically painless, as most provide “wizards” to guide the process, including setting up basic security features. But suppose you want to double check your security, or aren’t sure it is set properly. In this case, you must manually enter the settings. This can be done by entering the router’s IP (Internet Protocol) address in a web browser, followed by the default username and password. This information can be found in the user manual, imprinted on the router, or if you’ve already misplaced the boxed instructions, a simple online search of the router model will likely produce such answers.

Passwords

Once you are logged into your router, creating a unique password is key. Since most routers come with the same default usernames and passwords (sometimes just “admin”), hackers can easily log into a network that still uses the factory settings for administration access. Usually a combination of numbers and letters is best, but make sure the password is something you won’t forget, as you will need to enter it whenever allowing other devices onto the network.

Changing the SSID, or Wireless Network Name, is another important step to securing a router, as most usually don the brand’s name or are pre-defined as “default” out of the box. This is basically a green light for people looking for a network to get into, as it typically indicates that a user hasn’t set up any security features. The SSID can be found under the basic wireless controls on a router’s settings page, while the password is usually located under the Administration settings. Creating a unique network name and password will not make a router locked-down secure, but they are certainly steps in the right direction.

Next, users should enable network encryption to prevent other computers in the area from using their Internet connection, as well as to protect data transmitted on the network. There are several encryption types for wireless settings, including Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2). The basic encryption WEP is the least secure and really shouldn’t be used, as it can be easily cracked. While WPA and WPA2 are the better choices, WPA2 offers the most security, though it is only compatible with hardware manufactured since 2006 and requires more processing power, which could slow down a network slightly. Users can enable these encryption types by opening the wireless security settings on their router’s configuration page. Choose a pass-phrase that is easy for you to remember, but would be difficult for outsiders to guess. Users will need this encryption key anytime someone wants to sign into their network.
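The following Python sketch is an added example, not part of the original article. It generates a random WPA2 passphrase, estimates how many bits of guessing work it represents, and shows the standard WPA2-Personal key derivation, in which the SSID is mixed in as the salt. The SSID strings and function names are made up for illustration.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def generate_passphrase(length=63):
    """Return a random passphrase drawn from ALPHABET using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random string of the given length."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """WPA2-Personal pre-shared key: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    phrase = generate_passphrase()
    print("passphrase:", phrase)
    print("8 chars of lowercase+digits: %.1f bits" % entropy_bits(8, 36))
    print("63 chars of full alphabet:  %.1f bits" % entropy_bits(63, len(ALPHABET)))
    # Same passphrase, different (constructed) SSIDs: the derived keys differ,
    # so tables precomputed for a common factory SSID do not carry over to a
    # unique network name.
    print(derive_psk(phrase, "default").hex())
    print(derive_psk(phrase, "maple-street-42").hex())
```
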

Securely Connecting Other Devices

Once these security settings are enabled, users must add the new settings to their computer and any other device they will connect to the Wi-Fi network. Almost all current entertainment and office electronics can be connected wirelessly on a home network. Similar to the way an iPhone or Android smartphone scans for an available Wi-Fi network to connect with, so do wireless printers, HDTVs and gaming consoles such as the PlayStation 3 and Nintendo Wii. Users can easily connect a Smart HDTV to their Wi-Fi by searching through the wireless menu on the television to find their home network, which will display the SSID name chosen by the user. From there, simply enter the password on the screen as you would with any other Wi-Fi-enabled device. The same can be done for Wi-Fi capable printers by associating the printer with the wireless network. Users can select to have these devices automatically connect to this network, so they won’t have to enter the wireless name and password every time.

Keeping the Piggybackers at Bay

Convinced that the people next door are using your Internet connection to feed their YouTube needs and illegally downloaded movies? Whether you want to ease your nerves or simply monitor who is on your network and what they are doing, there are plenty of ways to go about doing this. While there are various types of software available to let users observe their network’s activity, this can be done directly from the router as well. Most routers have some sort of log that relates to the activity on that network. These can tell users what devices are using the network and where those devices have been online, simply by displaying the IP and MAC (Media Access Control) addresses of the devices on the network. Users can also track the activity level of one device through these logs. The logs can be found on the same Web page used to change the router’s settings. Depending on the hardware, the logs may be labeled under Administration, Admin, Advanced Settings or Security.

While it’s nice to think that people won’t take advantage of unsecured wireless networks, this sadly isn’t true. And rather than pay for Internet for your neighbors to use, while putting your information at risk, take these simple steps to protect your home network.
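As an added example (not from the original article), this Python script compares a router’s client list against an inventory of your own devices’ MAC addresses and reports anything it does not recognize. The client-list lines and the inventory are constructed; real routers format this page differently, so the script only assumes an IPv4 address and a MAC address appear somewhere on each line.

```python
import re

# Constructed sample of text copied from a router's client list or log page.
SAMPLE_CLIENT_LIST = """\
192.168.1.10   3C-22-FB-10-20-30   living-room-tv
192.168.1.11   a4:83:e7:aa:bb:cc   laptop
192.168.1.23   de:ad:be:ef:00:01   (no name)
192.168.1.42   00:1a:2b:3c:4d:5e   unknown-host
"""

# Hypothetical inventory: MACs read off the labels or settings of your devices.
KNOWN_DEVICES = {
    "3c:22:fb:10:20:30": "Smart TV",
    "a4:83:e7:aa:bb:cc": "Laptop",
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")


def normalize_mac(mac):
    """Lower-case, colon-separated form so vendor formatting does not matter."""
    return mac.lower().replace("-", ":")


def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set.
    Phones using private Wi-Fi addresses show up this way, so such an entry
    may be one of your own devices under a MAC that is not on its label."""
    return bool(int(mac[:2], 16) & 0x02)


def audit_clients(text, known):
    """Return one finding per client whose MAC is not in the inventory."""
    findings = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header or free-text log line
        addr = normalize_mac(mac.group())
        if addr not in known:
            findings.append({"ip": ip.group(), "mac": addr,
                             "randomized": is_randomized(addr)})
    return findings


if __name__ == "__main__":
    for f in audit_clients(SAMPLE_CLIENT_LIST, KNOWN_DEVICES):
        note = "randomized MAC, check your phones first" if f["randomized"] else "not in inventory"
        print(f"{f['ip']:15} {f['mac']}  {note}")
```
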

1 Comment


  1. David Howard

    Wow, this article does not do what it says…and I call into question how technical the author was that blogged this?
    #1) Passwords – Numbers and letters are best? What about special characters, and the overall password length? If you use just numbers and letters, you will put a smile on anyone’s face that has made a Rainbow table. A good password is something you won’t find in a dictionary, and that has special characters in odd places that make it hard to know what the phrase says. A good password you can show to someone for 10 seconds, and after that they cannot write it down even after viewing it.
    #2) For your password WPA key, more is better, as it directly relates to the work-factor to break it. So, 63 characters means I would need a 42TB dictionary file to guess someone’s WPA2 key, over 4 days worth of work. Less characters, smaller dictionary file, less time. If you have a device that can do it, using a certificate on a USB flash drive works better, and combine that with a password or Radius and you are doing great. Never make passwords based on how easy they are to type or remember, you should ALWAYS be cutting and pasting your encryption key.
    #3) Changing the SSID does nothing, as does hiding it. My SSID is the stock one, and I have WPA2-Enterprise with a Radius server. While that will cost you $270 for a Meraki device, you can do well enough with a DD-WRT enabled router using their encryption.
    #4) WPA2 has not slowed things down since the hardware got faster years ago, this is dated information. If you are running a PC from 6 years ago, you should upgrade. I doubt WPA2 is going to make a dent in the CPU time of a 4 core I7, I5, or I3.
    #5) DO NOT CHOOSE A KEY YOU CAN REMEMBER, BECAUSE IT WILL BE TOO EASY TO GUESS. It will be weak that you have to make a simple password for your router’s access, at least make your crypto key hard to guess. If you have a good router, or good firmware, don’t just change the password. Change the username too, and make it 14+ characters long, with special characters. That way, BOTH the default username, and the default password, have been changed. Novice hackers fall for this too often, so the teenager next door trying to get around his parents’ web filtering will not get on your network to porn surf.
    #6) I checked my routers, and most of the stock firmwares let you view and store only the last 100 lines in the syslog. This makes sense, since the flash memory on these devices is somewhere between 208MB, they don’t have the space to store much. With a Linksys, and some other devices, you can pump your syslog to a PC you leave running; Linksys has the app for download for free. My Vonage device does not even let you push the syslog to another host, so I can’t even do that. I can only view the last 100 entries in syslog.
    If you want to watch for Piggybackers, you should run, or better yet schedule, IP scans, using something like AngryIP or any of the dozens of free scanners out there. If you need a good, free, Windows Syslog, Kiwi makes one. The problem with all of this is how many of you even know how to read those logs? How will you even know the MAC addresses of your devices, vs. your Piggybacking neighbor’s devices? Enter Wallwatcher. Yes, outdated and no longer being developed, but it still works. You can buy other apps, but for free this will get you light years ahead of the bad guys when it comes to watching your router. Some 3rd party firmwares even will email you a weekly list of connected clients, my Meraki does this and tells me what I need to know.
    The other issue that reviewing the logs won’t do for you: what if your neighbor sets up one of his devices to be a repeater/router off of your network to Piggyback? You won’t see his clients because they will be behind his repeater/router. When I checked my logs, it never even mentioned the repeater; it treated it like a wired device. Also, you can clone the AP’s MAC to the repeater’s MAC, making it even harder to detect.
    In conclusion, I disagree with most of this article, and yes, I go to the annual Black Hat conferences. If you trust what has been said herein, you are only comforting yourself with false knowledge that you are secure. Want an easy way out to be secure? Spend! Get a Meraki and they do all the security for you, and you manage it from the cloud, you don’t even need to know your device’s IP. They run the Radius server for you, and they monitor and report for Rogue access points and rogue clients (they call this service Air-Marshall). You can get instant alerts, or daily, weekly, etc, however you prefer to know what is going on with your WiFi.
    Want to go the cheap way? You will need to spend: TIME. Read up on DD-WRT, Tomato, Sveasoft (they still exist?), and other 3rd party firmwares for the DEVICE YOU ALREADY OWN! Then, download and install the 3rd party firmware, and send the logs to a PC that you leave running most of the time. If your router can’t run a 3rd party firmware, go to eBay and buy a Linksys DD-WRT T-MOBILE edition with DD-WRT already installed for less than $50. Also, pickup/download Wallwatcher, and a network scanner. AngryIP will tell you all the allocated IPs on your network (so will Advanced IPscanner), but it might not be bad to look into FREE Nessus, which you can schedule to run a discovery scan on the hour, and then email the report to you. These are just a few free starter ideas, with many more available as time goes on, many are open source or freeware. Again, for free, it just takes time to secure your WiFi network, or drop 3 Benjamins on a Meraki MR12 and have someone else do it for you as a service.