Wireless networking has given much convenience, and wiped out the hassle of networking cable. Yet, the security of wireless networking remains a big concern among the users, especially when they’re dealing sensitive or private stuffs using WiFi.
Fortunately, all your worries would end here at the moment you stumbled at this article. Without further ado, we’re here to show the 8 different methods to secure a WiFi network from any potential malicious hacking. Of course, you’re allowed to combine 2 or more methods below to further enhance the security.
Different model of router might vary in way of setting, thus it’s good to refer to the particular router’s manual. If you feel so reluctant to secure your home wireless network, why not have a look at the video below? You might have a different thought after this.
1. Change the Wireless Network Encryption Type to WPA or WPA2
The encryption is the first line of defence of the wireless network, and it has 3 types:
WEP – Wired Equivalent Privacy is the most vulnerable type of encryption. It has shown numerous flaws in the system and has been deprecated in recent years. However, many users still using WEP because it is more compatibility friendly. It is just not all the electronics devices or gadgets support WPA, especially the old one.
WPA – Wireless Protected Access has better security over WEP and is supported by most of the adapter (devices).
WPA2 – WPA2 is the newer version of WPA and has the best security protection. It is available on all certified Wi-Fi hardware since 2006 and a good router should have this feature supported.
You can easily find a free utility at Google to crack a WEP encrypted wireless network by just following simple instruction. Believe me, you can even teach a 7 years old kid to do so. Albeit the WPA and WPA2 are not 100% secure, but it is good enough to brace against novice hacking.
Before changing the encryption setting, you would need access to your router. In most of the cases you should able to access the router by typing 192.168.0.1 at the browser’s address bar. This is the default gateway IP address, and in case it doesn’t work., then you should follow this: Start > Run > Type ‘ipconfig’ at the cmd > Look for the default gateway address.
For Mac OS users: Finder > Terminal > Utilities > Type ‘ ipconfig –a’ > Look for the gateway address.
Once you’ve logged in to the router, look for the wireless tab, and click in to the security setting. In there, you should able to see the authentication type, and change it to WPA or WPA2. As well, you need to key in a new WPA key (Password used to log in to your wireless network) too. Some routers can support the hybrid WPA and WPA2 mode simultaneously, which allow you to use the more secure WPA2 encryption whenever possible, while still maintaining compatibility with WPA adapters.
In short: Wireless tab > Security setting > Authentication > WPA/WPA2. Take note that the path might vary for different model of router.
2. Use a Strong Password for Network Key and Router
The network key, WEP key, and WPA key are the same, or commonly known as network password. You should keep the network key in secret because anyone can easily access to your wireless network, if they know the key. In other words, this is what an intruder would crack in first place before getting access into your network.
If you really no idea of how to create a strong password, I strongly recommend you to read our previous post about how to improve a password strength. This post would highlight the importance and the characteristic of a strong password to prevent hacking with brute force and dictionary method.
In short, use at least 128-bit encryption and the password should have 14 characters with the combination of numbers, alphabets, and symbols. If possible, the alphabets should contain upper-case and lower case, and of course, the longer the characters the stronger the password. Never ever use the default password for the router!
3. Change the Network Name or SSID
SSID is the short for Service Set Identifier, which is also the network name everyone can see. The default SSID usually is the brand name of the router (e.g. D-link, Belkin), and if you leave it to default, you’re like telling everyone what model of router you’re using. This could really pose a threat to your network security, and provide an easy path to a determined hacker.
Change the default SSID to something unique would help little on the security, because there are plenty of hacking tutorial specific for a particular router model. Don’t use any private or personal information for the SSID name.
4. Disable SSID Broadcast
By default, the router constantly broadcasts the SSID to the coverage area at a regular period. This makes the wireless network visible to everyone, including hacker. In a home wireless network, this constant roaming is not necessary and it serves almost no purpose. Once you have configured the network setting for your devices (e.g. computer, tablet, hand phone), the setting will stay. Furthermore, your friends are still able to connect to your network by manually key in the SSID name.
Normally, you can hide your wireless network by just ticking a (Disable SSID Broadcast) box at the router setting page. But, please beware that there are many free and simple-to-use software to sniff out a wireless network, even the SSID is hidden. My advice is not to depend solely on this method though.
5. Lower the WiFi Transmission Power
Not all the router support this feature, however, by lowering the WiFi transmission power, you can reduce the coverage range of the wireless signal. Albeit it’s normally impossible to fine-tune the power so perfectly that it wont leak outside the house, but with some trial-and-error, you can know how far the signal transmits outside your premise, and thus minimizing the hacking opportunity.
If you’re willing to shell out some money, WiFi-blocking paint is a good option to prevent neighbours or hackers from accessing your home WiFi network without authorization. This special paint contains chemical to absorb radio signal and prevent it from getting out and in.
6. Enable MAC Address Filtering
Every wireless networking card(device) has its own unique MAC address, which is composed of 12 characters of numbers and alphabets. It’s just like an identification of the device. To enable MAC filtering, you would need to find out the MAC address of all the known devices first. I have included the methods for some of the common one at below:
Example of MAC Address: E2:B9:A5:46:E1:2B
Start > Run > cmd > ipconfig /all. Then, try to look for the ‘physical address’ just below the ‘Wireless LAN adapter Wireless Network Connection’.
Mac OS X 10.5 and later:
Network > Name of your connection(e.g., Wi-Fi, AirPort, Ethernet, Built-in Ethernet) > Advanced > Hardware, Ethernet or AirPort tab > ‘MAC Address’, ‘Ethernet ID’ or ‘AirPort ID’.
Mac OS X 10.4 or 10.3:
Network > Ethernet or AirPort tab > ‘Ethernet ID’ or ‘AirPort ID’ is your MAC Address.
iPhone / iPad:
Setting > General > About > WiFi Address
After you have obtained all your devices’ MAC address, then you need to enable the MAC filter and key in all the authorized MAC address. After that, the network would only allow the devices which have been registered, and block the rest. It’s really an effective method to secure the wireless network, however, please take note that some expert can still change and clone the MAC address to sneak into your network.
7. Disable the Remote and Wireless Administration
Remote administration allows you to configure a particular router through the internet. You can use this feature to remotely help your friends to configure theirs’ router or vice versa. Normally this feature is switched off by factory setting, and unless you really need this feature, otherwise it’s safe to keep it off. You just don’t want any hacker crack your router via the internet.
You can configure the router wirelessly if the wireless administration feature is switched on. But again, it’s safe to switch it off to prevent any wireless hacking into the router. After switching off this feature, the only way to configure the router is through the LAN cable.
8. Monitor Who is Connected to your Wireless Home Network
You can monitor the activity of your router with the help of AirSnare. AirSnare is a free software to alert you to unfriendly MAC addresses on your network as well as to DHCP requests. If you have detected a malicious MAC address, you can simply blacklist the address through the MAC filter, and kick it out of your network!
Countless of loss is caused by malicious hacking, and the number of cases is growing tremendously every year. Needless to say, you just don’t want to be the next victim. By just spending a 15 minutes or maybe less than that to proper set up the router’s security, you could have enjoy yourself at the slumberland every night. So, what you’re waiting for? Quickly get the thing done, and we would really like to know if you have any other tips to secure our wireless network. Last but not least, please do not be hesitated to ask if you facing any difficulties, and we’ll do our best to help. Finger-crossed!