8 Steps to secure your wireless home network
The following steps describe how a user can secure a 802.11b/g/n wireless home network. Securing a wireless network is very important because if you don't, your neighbors can not only borrow your Internet connection, but also access your files and check up on what you're doing.
March 26, 2015
- Connect to your router via your browser, by inputting the Gateway IP Address.
Finding the Gateway IP Address and connecting to it in Windows:
- Click Start > Run > type 'cmd' > Click 'Enter'
- Once the Command Prompt window opens, type 'ipconfig /all' and hit 'Enter'
- Locate the line labeled 'Gateway' and make note of the number that follows. It will look similar to '192.168.1.1'
- Open Internet Explorer (or your favorite browser)
- Enter the Gateway IP Address into the address bar and click 'Enter'
- Enable encryption on your access point.
Two encryption schemes exist: WEP and WPA. WEP has been proven insecure, so using at least WPA is recommended, because it is much more secure. Some older access points or wireless cards do not support WPA2. If you have one of these, it is recommended that you purchase a newer one that supports WPA2, depending on how important you consider your security.
- Set the router access password.
After somebody gets access to the router configuration settings, that person can disable the security you have set up. If you forget the password, most routers have a hardware reset that will restore all of the settings to factory defaults. When you connect to the router via LAN cable while setting it up, you can copy and paste the password onto the router and onto your local setting, so you never need to type it again.
- Change the SSID to something unique.
A default SSID indicates to hackers that the network was set up by a novice and that other options are also left as the default. Use a name you can remember and identify, as the SSID has no influence on the security of your network.
- Enable MAC Address filtering on your Access Point or router.
A MAC (not to be confused with the computer model 'Mac') address is a code unique to every wireless networking card in existence. MAC Address filtering will register the hardware MAC Address of your networked devices, and only allow devices with known MAC Addresses to connect to your network. However, hackers can clone MAC addresses and still enter your network, so MAC address filtering should not be used in place of proper WPA2 encryption.
- Don't disable the 'SSID Broadcast'.
Do not disable the 'SSID Broadcast' feature of your Access Point or router. Although this would make your network invisible to your neighbors, any determined hacker can still sniff out your SSID; and you are implicitly forcing your computer to shout out your SSID anywhere you are, while it is trying to connect to it. Anyone could then impersonate your router with that SSID, and get your credentials that way.
- Disable remote login.
The first router worm brute forces its way into the router in this manner. Most default usernames are set to Admin. It isn't hard for a virus/worm to crack the password if the username is known. The good thing is that routers normally have this disabled by default. Be sure to confirm that it is disabled when you first set up your router and periodically thereafter. If you need to update your router setting remotely, only set up access for the time you are going to be connected.
- Disable wireless administrating.
Finally, change the setting that allows administrating the router through a wireless connection to “off”. This disables any wireless hacking into the router.