Enhance Your Wi-Fi Network Security

Wireless networks free you up to use your laptop wherever you want at home, but they can represent a major security risk if you don't set them up properly. Here are some easy but often-neglected ways to enhance the security of your home (or office) Wi-Fi network.

Picture by avlxyz

There are two reasons to protect your Wi-Fi network: security and saving money. Lots of data (including passwords and financial information) passes over your network, and accessing your router could potentially give a malevolently-minded organisation or individual access to that information.

On the financial front, if you leave your Wi-Fi network unsecured, anybody within range can potentially use your Internet connection for their own downloads. That might not seem a big issue if someone just wants to quickly check on email, but if your neighbours are regularly using your connection to download TV shows, you might find yourself going over your monthly broadband download limit and getting slugged with excess fees or a massively slowed connection. Securing your connection largely eliminates that worry.

Most newer wireless routers include some basic security setup, requiring you to create at least a password to access the system. However, there are extra steps you can take for added security.

Time to check the manual

Making virtually all of these changes will require you to use the administrative software (often also referred to as a management console) provided with your wireless router or broadband modem. Because the specifications vary so widely between models, we haven't provided exact step-by-step instructions: for that, you'll need to look at the manual that came with the device. If no printed manual came with the device, check on any accompanying CDs for a PDF version, or look on the manufacturer's web site.

The following principles usually hold:

  • Changing settings normally requires you to access the router via your web browser. Instead of a web address, you'll type in an IP address: a number in the form 192.168.1.254.
  • You'll need to supply an administrator name and password, which will be provided in the manual.
  • Once you're logged in, there are a variety of settings you can change, which we've discussed below. In many instances, you'll need to click on a Save button within the browser to change these, and sometimes you'll need to click on an Apply button after making changes as well. This feature also means you shouldn't panic about accidentally clicking something wrong — you can always go back to your browser home page, log in and try again.
  • If you have trouble accessing the console via your wireless connection, try plugging in a network cable to the router and your PC and accessing it directly.

Once you've logged in, here are some key options to consider.

Make sure you're using proper network security

Fortunately, the era where Wi-Fi routers were set up with absolutely no security has now passed. However, some implementations still use the more basic WEP security model, which isn't particularly secure at all. Enable WPA2 for better protection, and make sure you've chosen a sensible password.

Change the default SSID

The SSID (service set identifier) is the name assigned to your network — this is what shows up if you bring up a list of available wireless networks. By default, this will usually be either the name of the router itself, or possibly the name of your ISP if you've purchased the equipment through them. You can see both types in the screenshot above.

There are two good reasons to change the name. Firstly, specifying a unique name means you can be sure of which network you're connecting to (in an apartment building, it's not uncommon to see multiple instances of the same router). Secondly and more importantly, it means that any passing hackers can't automatically tell which equipment you're using. That information can be useful when trying to log into a given router, as we'll discuss further below. So find the section in the administrative software to change your SSID and alter it to something more useful, though you might want to steer clear of too much identifying detail (such as your surname).
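How the network name and the WPA2 password combine, as an added example that is not part of the original article: WPA2-Personal derives its 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, using the SSID as the salt (a point also raised in the comments below), so a factory-style SSID paired with a guessable password is the weakest combination. The prefix list, the 16-character threshold and the sample names in `audit` are illustrative assumptions.

```python
import hashlib
import re

# Constructed, illustrative list of factory-style SSID prefixes (an assumption,
# not taken from the article); extend it with the names you see locally.
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "dlink", "belkin", "default")


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-Personal pairwise master key as IEEE 802.11i defines it:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(ssid: str, passphrase: str, min_length: int = 16) -> list[str]:
    """Return findings for a planned SSID/passphrase pair (empty list = none)."""
    findings = []
    if ssid.lower().startswith(DEFAULT_SSID_PREFIXES):
        findings.append("SSID looks like a factory default")
    if len(passphrase) < min_length:
        findings.append(f"passphrase shorter than {min_length} characters")
    if re.fullmatch(r"[a-z]+\d*", passphrase, re.IGNORECASE):
        findings.append("passphrase is a single word with optional digits")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSID: the derived keys are unrelated, so work
    # precomputed against a common network name does not carry over to a unique one.
    for name in ("linksys", "quiet-heron-5"):  # constructed sample names
        key = wpa2_pmk("correct horse battery staple", name)
        print(f"{name:>14}: {key.hex()[:16]}...")
    print(audit("linksys", "sunshine123"))
    print(audit("quiet-heron-5", "correct horse battery staple"))
```
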

Don't broadcast the SSID

Even after changing the SSID, it's worth considering making your SSID invisible — meaning that it won't show up on a list of available networks. To connect to it, you'll need to know its name and type it in (though you'll only need to do this once on your home machine). This can be a useful way of protecting your network: if someone is looking to grab bandwidth, they're always going to go with visible networks.

How the option is labelled within your router management console varies. In the sample screenshot, this is 'Hidden SSID'; on other routers, it's often listed as 'Broadcast SSID' and ticked by default.

Change the default passwords

As we've already mentioned, when your router ships, it will have a default administrator username and password set. You should change the password as soon as you can. If you leave the defaults set, then anyone who works out (or finds out) what equipment you have can log into the router and change your settings. Follow our guidelines for picking passwords to come up with something memorable that's hard to guess.

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?


Comments

    Another easily forgotten one is to turn off DHCP and set the IPs manually... Also MAC filtering, but that's a touch more complicated.

      I'm not sure those extra measures would do any good; if someone is capable of breaking your WPA2 password, then they are definitely capable of spoofing a MAC address and setting a static IP.

      Although if someone who can break WPA2 is attacking your network, you probably have MUCH bigger problems than losing a bit of quota.

    If you're familiar with WPA Rainbow tables, you know that selecting a non-standard SSID is the most important one. The SSID is used as the 'salt' for the WPA hash function.

    WPA with normal SSID and a dictionary password (incl numbers) is very easy to crack....

    I just wanted to state that disabling SSID broadcast has a huge effect on performance and signal quality, and if a hacker was wardriving and looking for networks to get into, they would be using special hacking software to see the hidden networks anyway, so they would know your SSID regardless of whether you enable or disable it.

    All you need is WPA2-Personal security with a 63-key password of random numbers, letters, symbols, upper and lowercase, and you are good to go. There are a lot of websites you can use to generate these passwords; store it in a file on your computer with all your network settings, and make sure your computer is secure and not a shared computer, and you're fine.

    These are some great tips for securing your Wi-Fi connections. I wrote a similar blog post a while back describing additional tips for making your Wi-Fi connection secure.
    http://securityblog.astaro.com/2009/07/tips_for_securing_your_wifi_co.html#more

    Use WPA2 and give the router the MAC addresses that are allowed to use the router.

    That should slow them down if nothing else. Security is really about making it difficult and make them look elsewhere. Easy targets will always get hit first.

    As others are pointing out, the only ones that matter are using WPA/WPA2 *and* changing the SSID (and of course using a decent password).

    Turning off SSID broadcast (attacker only has to sniff one packet from the network and they get the SSID anyway), turning off DHCP and using static IPs (attacker only has to sniff one packet and they know what range is being used), and using MAC filtering (attacker only has to sniff one packet and they have an allowed MAC address they can spoof) only add a few hoops for an attacker to jump through; they don't make the network secure. MAC filtering and static IPs also make it harder to get your friend's computer to join when they drop over.

    Changing the default router password is also a must, but by itself won't stop people using the network.

    "Secondly and more importantly, it means that any passing hackers can’t automatically tell which equipment you’re using."

    If they've been hackers more than a few days, they probably know that the first 6 digits of the MAC address of wireless routers identify the manufacturer. In fact, many of the free wifi scanning apps do a reverse-lookup and put in the manufacturer for you.

    And the advice to hide the SSID is counter-productive, as far as I am concerned. It does nothing to hide your network from average hackers, and it makes troubleshooting wireless issues much more difficult, particularly in multi-family housing. The free scanning utilities that home users generally use do not pick up hidden SSIDs, so you may choose a channel for your wireless router the same as your neighbor with the hidden SSID, his router a meter from yours on the other side of the wall, and you wonder why you have such a slow network with so many dropouts. So you scan again and change the channel to one the same as your other neighbor who is hiding the SSID. It's needless hassle. Good neighborly behavior is to broadcast the SSID, and turn down the power of your router as much as possible in those living circumstances.
