In light of the latest KRACK Wi-Fi vulnerability (for more on KRACK click here) that was discovered, we figured an article on shoring up wireless networks was in order. So below are several top tips for securing your wireless network.
Router Admin Username and Password
This first one is so basic but you’d be surprised how many routers still have the default username and password after they’ve setup their router. As a quick bit of advice, username ‘admin’ and password ‘password123’ are not even close to secure. These are the first usernames and passwords checked by hackers. Why? Because people still don’t change them and it’s low-hanging, easy fruit to pick for anyone up to nefarious activities.
So the first line of defense is to change the default username and password on your router’s admin account and make sure the password is very secure. Secure passwords should be at least 12 characters long (the longer the better actually) and contain upper case letters, lower case letters, numbers, and a special character or two ($*!@, etc.). For more advice on picking a strong password check out this article here.
Like any password, it is advisable to change the password from time to time on your router admin as well. This is the gateway to your WiFi network and should be guarded to the highest extent possible.
It’s the same with the network name. All routers come with a preset network name that’s known as a service set identifier (a.k.a. SSID). Most SSID’s will be simple like Netgear12 or LinkSys67. Generally it’s the brand of the router and some arbitrary number. While this may on first thought seem okay to keep because you want authorized people to be able to find your network, it actually isn’t a good thing to do.
Like I said previously, most routers will use the brand name in the SSID and this allows hackers to grab some free information. Now they know what type of router you use and knowing your router type allows them to find out more about your network and ultimately aids them in hacking into your network.
So changing the router’s network name should come right after you change the admin username and password. But don’t despair because you can name it anything you want, which can be fun. I’ve seen SSID’s named ‘FBI Surveillance Van 1’, ‘Get off my wifi’, and various other fun things. So make it fun and pick something that amuses you or that’s easy for you to remember when you see it. The point to changing it is so that you’re not giving anyone any free information so make sure the name you change it to doesn’t either. Don’t use your address or full name or any other identifying information that could aid in any social engineering efforts that hackers might like to use.
Even though it might feel excessive, if you really want your WiFi connection secure it’s best to change the network name from time to time as well. It will require changing the information on all your WiFi enabled devices as well but once that’s done you’ll be up and ready to go again.
It’s a pretty sure thing that the WiFi router you own has encryption technology in it and although it’s pretty standard to use encryption it’s best to verify that you are indeed using it. Generally when you’re setting up your router it will walk you through the set up process and make sure you use encryption. The best one to use is WPA2 Personal (WPA2-PSK). If your router only has WPA Personal it would be best to go buy a new router with WPA2 Personal. Then set the encryption to AES and it will prompt you to create a network key. This network key is the key you will need to enter into all your WiFi enabled devices in order to connect to the WiFi so make sure you memorize it.
At first glance, having a guest network seems like a nice idea for anyone visiting your home. This way you don’t have to give them the network key to your actual encrypted home network. However, guest networks don’t have an encryption password and therefore are easy for anyone in the vicinity of your WiFi network to just jump on and use it. No muss, no fuss!
As a rule you should always turn off the guest networks feature. Generally speaking, if you’re going to allow someone to use your network then you should be comfortable enough to give them your encrypted network key rather than leaving a door open for anyone in the area to use. If for some reason you feel insecure giving them this information then you might want to either not give them the network key at all so they can’t use your network or change your network key after they use it.
Virtual Private Networks (VPN)
Virtual Private Networks, also known simply as VPNs, are basically a private tunnel between your device (laptop, phone, tablet, etc.) and the internet using a third-party server. It helps to hide your identity and can even make it look like you’re in another country. This helps prevent hackers from sniffing around and seeing your internet traffic. VPN’s can be used by anyone and are equally useful for home networks, business networks, and for anyone who uses free public WiFi in cafes, airports, or hotels and is highly recommended for all.
For more details on Virtual Private Networks and which ones to use, you can read our blog called Choosing A VPN Service For Your Business here. Despite the name of the article, a VPN is a good idea for anyone who goes online, which basically means everyone.
This is one that most people forget about once the router is up and running and that is to update the router firmware. Just like any other software you use on your PC, laptop, phone, or tablet, the firmware on your router should be constantly updated. These updates not only include functional updates but also security definition updates to keep the latest and greatest security vulnerabilities updated so your router has less chances of being hit by the next big security issue.
Some newer routers allow you to set the updates to happen automatically as they come out. This is a smart thing to use considering most people don’t remember to update it on their own. If you don’t have that setting or would prefer to do it yourself, then make sure that you update the router’s firmware at least every month.
Turn Off WPS
WiFi Protected Setup or WPS is a feature on routers that allows you to just tap a button on the router to pair devices quickly with the encrypted WiFi network. However, this is not a great feature because it allows anyone who has access to your router to pair up to your network with a touch of a button. Convenient for you or trusted guests to your home but not a great idea if you have people hanging around whom you don’t want to give access your network. Unless your router is locked up and not accessible to unauthorized people, this feature should be shut off and not used.
Turn Down Broadcast Power
This one is for those of you who have such great WiFi signal that you can wander outside and still search the internet with ease. If this is the case, you should know that everyone else that wanders into that WiFi radius can also access your internet. These types of powerhouse WiFi signals are the ones that War Drivers are looking for. War Drivers are people who drive or walk around with WiFi enabled devices looking for WiFi networks. Generally they are looking for unsecured networks but just being able to find your network can give someone something to work with if they are looking to do nefarious things.
In most cases, it is not necessary to have a network with that strong of a signal. If your network casts a strong enough signal that you can wander around outside and still search the internet without any trouble, you might want to turn down the broadcast power on your router to 75%. This will still make it available throughout your home or business but weaker or undetectable from outside.
These are just a few of the most important settings and things you can do to secure your Wifi network. If you are a business or you just require a more secure network environment there are professionals who can help you do that as well. However, if you just do these few things, you will be miles beyond the average network security that most people use.
Network breaches can be scary and frustrating, but there are experts that can help you secure your business or personal infrastructure. If your network has fallen victim to a security breach or you would just like more information on how to secure your network from possible cyber attacks, click here to contact our team of experts at Data One Networks.