A Ten Step Guide (for Regular People) to Securing Your Home Wireless Network
February 9, 2010 - By Ivan A. Vazquez
First of all, let’s be clear. This article is of use to everyone. For IT and Security Professionals, it may all seem very elementary. For regular people, though, it is a very quick and straight to the point list of recommendations that skip all of the boring technical how’s and why’s. The fact is that wireless connectivity has become an integral part of our daily lives. Unfortunately, many people setting up wireless home networks rush through the job to get their internet connectivity working as quickly as possible. That’s totally understandable. It’s also quite risky as numerous security problems can result. Today’s Wi-Fi networking products don’t always help the situation as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.
1. Change Default Administrator Passwords and Usernames.
At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.
2. Turn on WPA-2/WEP Encryption.
All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a “lowest common denominator” setting. For example, you may have a Nintendo Wii that connects wirelessly in your home network. In the past these and other video game consoles did not support WPA-2 encryption. In this case, you would have to choose WEP. It is not as strong as WPA-2, but some encryption is better than none at all.

3. Change Default SSID.
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally “linksys.” True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it.
4. Enable MAC Address Filtering.
Every piece of wired and wireless gear possesses a unique identifier called the physical address or MAC address. This is an identifier that is unique to your device and never changes. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to configure an access list based on the MAC address (commonly known as an ACL). This allows a user to easily restrict what devices are allowed to connect to the network. Do this, but also know that the feature is not as powerful as it may seem. Hackers and their software programs can fake MAC addresses easily. It is, though, an additional layer of security that can discourage someone from going after you, so that they choose to move on to a weaker and less protected target.
5. Disable SSID Broadcast.
In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary and increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
6. Do Not Auto-Connect to Open Wi-Fi Networks.
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor’s router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations. After you are done connecting to these devices, delete the connection.
7. Assign Static IP Addresses to Devices.
Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network’s DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.
8. Enable Firewalls On Each Computer and Routers.
Many modern network routers contain built-in firewall capability. If your router is firewall capable, leave it on. If it has a logging capability, let it log. This way, if you ever suspect something weird is happening, you can check it out in the logs. For extra protection, ensure you install and maintain personal firewall software on each computer connected to the router. The built-in firewall that comes with Microsoft Windows XP, Vista, and Windows 7 is good for basic functionality, but you should consider purchasing a more comprehensive one that provides detailed logging and multiple modes of operation.
9. Position the Router and/or Access Point Safely.
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage. If the router has an option to lessen the strength of the signal, tweak it back until it reaches the point in your home farthest away from the router, without losing signal strength.
10. Turn Off the Network During Extended Periods of Non-Use.
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices each time you leave your home, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
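Steps 4 and 7 both rely on an accurate list of your devices: one MAC address and one fixed IP address each. The Python check below is an added example, not part of the original article; the function name `check_plan`, the router address and the device list are constructed for illustration.

```python
import ipaddress
import re

# A MAC address written as six pairs of hex digits, e.g. 00:11:22:33:44:55
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def check_plan(subnet, router_ip, devices):
    """Return a list of problems in a static-IP / MAC allow-list plan."""
    net = ipaddress.ip_network(subnet)
    problems = []
    if not net.is_private:
        problems.append(f"{net} is not a private range")
    # The router already owns one address in the range.
    seen_ips = {ipaddress.ip_address(router_ip): "router"}
    seen_macs = {}
    for name, mac, ip_text in devices:
        mac = mac.lower().replace("-", ":")   # accept 00-11-... as well
        ip = ipaddress.ip_address(ip_text)
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC address {mac}")
        elif mac in seen_macs:
            problems.append(f"{name}: MAC already listed for {seen_macs[mac]}")
        else:
            seen_macs[mac] = name
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is reserved in {net}")
        elif ip in seen_ips:
            problems.append(f"{name}: {ip} already used by {seen_ips[ip]}")
        else:
            seen_ips[ip] = name
    return problems

# Constructed sample plan (hypothetical devices and addresses)
SUBNET = "10.0.0.0/24"
ROUTER = "10.0.0.1"
DEVICES = [
    ("laptop",  "00-11-22-33-44-55", "10.0.0.10"),
    ("console", "00:11:22:33:44:66", "10.0.0.10"),   # same IP as laptop
    ("printer", "00:11:22:33:44:5",  "10.0.1.20"),   # short MAC, wrong subnet
    ("phone",   "00:11:22:33:44:77", "10.0.0.255"),  # broadcast address
]

if __name__ == "__main__":
    for problem in check_plan(SUBNET, ROUTER, DEVICES):
        print(problem)
```

An empty result means every device has a well-formed, unique MAC address and a unique fixed address inside the private range you chose.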
Is this a 100% complete and positively foolproof list? Of course, it isn’t. Anyone who has ever worked in securing anything knows there are no guarantees. In the end, we just have to plan for the worst case scenarios by implementing an effective level of security that doesn’t affect our ability to use whatever it is we’re protecting. So, armed with this knowledge, go forth and do great (and security-minded) things!
Ivan Vazquez, AKA The Reaper, is a CompTIA Security+ certified professional with more than 15 years of experience in the Information Technology universe, who specializes in network intrusion prevention, incident identification and analysis, content management, and vulnerability scanning and analysis. His past experience includes tenures with nationally and internationally-known technology companies. You can follow him on Twitter via @bladestorm61