How to secure a WiFi Router/Network

An open router might be a nice perk for your customers if you run a coffee shop, but at home it leaves you vulnerable to undesired unauthorized use. Fixing it doesn’t require a degree in computer science.

 

What you need to do:

  • Update the firmware on your router.
  • Choose a unique SSID. Don’t use your address, home phone or other personally identifying information.
  • Enable WPA2 protocol with AES encryption. WPA and especially WEP are too easily hacked.
  • Choose a strong password. 13 characters using upper & lower case and numbers is sufficient.
  • Disable WPS/SES. WiFi Protected Setup or Secure Easy Setup. Don’t be lazy, typing in that password isn’t a big trade-off for better security.
  • Disable auto-connect on all devices. You don’t want to login to your bank while on an unknown router.

 

What you should also do:

  • Enable the router’s sysadmin password.
  • Disable http access in favor of https access.
  • Disable WiFi access to admin so router must be admin’d via ethernet hardwire.
  • Disable remote admin so nobody outside you LAN can change router settings.

 

Do under certain circumstances:

  • Disable UPnP. Note this will require manual port forwarding entries to allow certain services such as chat clients, games, security cameras etc.
  • Enable MAC address filtering. This will require manually adding the MAC address to the router’s ‘allowed’ list. This may be a nuisance if you have a constantly changing list of devices. It’s also not a substitute for WPA2 and a good password, but it can allow you to temporarily grant/deny access to specific devices and is one more barrier to unauthorized access.
  • Disable SSID. and set each device to connect to your hidden network. The casual passer-by won’t see your network, unless they’re using special software tools. Only do this if all your WiFi devices are in-house all the time as mobile devices used elsewhere will broadcast your SSID looking for it, which may reduce battery life and clue in others what your home SSID is. There’s a LOT of hoop-de-dah about this on tech forums, just know that disabling SSID is not really hiding your network.

 

Tech article by Kenn Ranous. See other articles under ‘computer’ for how to secure your personal computer,  yahoo email and online security DVR system.

Advertisements
%d bloggers like this: