Many families setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive.
The recommendations below summarize the steps you should take to improve the security of your home wireless network. Making even a few of the changes described below will help.
1. Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is a broadband router or other wireless access point. These devices include an embedded Web server and Web pages that allow owners to enter their network address and account information.
These Web tools are protected with login screens that prompt for a username and password so that only authorized people can make administrative changes to the network. However, the default logins provided by router manufacturers are simple and very well-known to hackers on the Internet. Change these settings immediately.
2. Turn on Wireless Network Encryption
All Wi-Fi equipment supports some form of encryption. An encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today including WPA and WPA2.
Naturally, you will want to pick the best form of encryption compatible with your wireless network. The way these technologies work, all Wi-Fi devices on a network must share matching encryption settings.
3. Change the Default SSID
Access points and routers all use a network name called the Service Set Identifier (SSID). Manufacturers normally ship their products with a default SSID. For example, the network name for Linksys devices is normally "linksys."
Knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone sees a default SSID, they view it is a poorly configured network and one that's inviting attack. Change the default SSID immediately when configuring wireless security on your network.
4. Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or Media Access Contral (MAC) address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Doing this adds another level of protection to a home network, but the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
5. Disable SSID Broadcast
In Wi-Fi networking, the router (or access point) typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. Inside a home, this broadcast feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi routers allow the SSID broadcast feature to be disabled by the network administrator.
6. Stop Auto-Connecting to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying the user. This setting should not be enabled except in temporary situations.
7. Position the Router or Access Point Strategically
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal spreads, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example.
When installing a wireless home network, the location and physical orientation of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
8. Use Firewalls and Security Software
Modern network routers contain built-in network firewall, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running additional security software on each device connected to the router. Having too many layers of security applications is overkill. Having an unprotected device (particularly a mobile device) with critical data is even worse.
9. Assign Static IP Addresses to Devices
Most home network administrators use Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to their devices. DHCP technology is indeed easy to set up. Unfortunately, its convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from a network's DHCP pool.
Turn off DHCP on the router or access point, set a fixed private IP address range instead, then configure each connected device with an address within that range.
10. Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
If you own a wireless router but are only using it for wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.