Securing your Home Wireless Network
When leaving home, you wouldn’t leave the door wide open – you would shut it and lock it. The same principle needs to be applied to your home wireless network. Without any security in place, you are basically leaving the door to your network wide open for anyone to come in. This article outlines some steps you can take to ensure your home wireless network is configured securely.
Unauthorized individuals can gain access to your home network if you do not apply appropriate wireless security settings, leading to sensitive personal or company information being exposed and even your identity being stolen. Alternatively, your internet connection could be used to perform illegal activities, leaving you accountable.
Configuring your Router
To secure your home wireless network, the wireless router will need to be configured. Usually, the router is provided from your Internet Service Provider or the manufacturer with minimal security in place, if any at all. This is more often than not the way your ISP will want it to stay, as it is easy for them to troubleshoot when you call for future support, but this also means that your wireless network may be completely insecure.
Before making configuration changes; always have a copy of the router manual to hand for direction and a paper clip. The paper clip can be used to insert into the reset hole on the back of the router should a reset back to factory settings be required at any point. Always connect to the router using a cable when making configuration changes, as if changes are made wirelessly, connection to the router will likely be lost during configuration.
Minimum Security Controls
The following controls are considered the minimum security controls you should take to help secure your home wireless network.
- Ensure the type of encryption selected for use is ‘WPA-AES’ or ‘WPA2’ and your chosen password is at least 8 characters and not a dictionary word, name or date.
- Never use ‘WEP’ encryption unless absolutely necessary as it is not secure. WEP encryption is commonly the default encryption on routers provided by Internet Service Providers and should be changed to something more secure.
- This gives an attacker clues as to the router being used and its typical default configuration which may make your network a target of attack.
- The name of your network is often referred to as an SSID in your router’s configuration screen and should be changed to something insignificant and without meaning.
- By leaving these defaults in place, you are making it easy for anyone who has accessed your network to then access your router and make configuration changes.
- Change the default username and password, ensuring the password is over 8 characters and contains a mix of uppercase, lowercase, and numbers as a minimum.
Recommended Security Controls
The following controls are considered additional recommended security controls you can take to further increase the security of your home wireless network.
- If the wireless router is placed next to an external wall; the signal will leak outside, making it easier for unauthorized individuals to detect it and increasing the risk of attack.
- If you are able to do so, position your router in the center of your home to minimize the risk of wireless ‘leakage’.
- This will prevent your wireless network from being accessed or used while you are away and unable to notice anything suspicious. You will also save energy!
- Many routers have a switch on the back to turn it off. On your return, simply switch the router back on and wait around 5 minutes for everything to come back online.
- By publicly broadcasting your wireless network you could be making it a target of attack.
- Select to ‘disable SSID broadcast’ to prevent your network from being displayed in the list of available networks.
- If your computer is sitting in close proximity to the router and you have no need to move the computer around, then you shouldn’t need to connect wirelessly.
- Use a direct cable connection to the router and turn off the router’s wireless functionality. In addition to being more secure, your connection will be faster.
- By only allowing specific MAC addresses to connect, you are adding another layer of security by helping to prevent unauthorized computers from connecting.
- Select to filter or restrict by MAC address and enter the MAC address for each computer that will be connecting to the network. Any connecting computer that does not have a matching MAC address in the router configuration will be denied access.
- By disabling the IP address issuing service (known as DHCP), you add a further level of security as unauthorized computers will not automatically be granted addresses.
- Disable DHCP and manually assign each of your computers with a unique IP address.
Glossary of Terms:
WEP – Wired Equivalent Privacy
WPA – WiFi Protected Access
AES – Advanced Encryption Standard
SSID – Service Set Identifier
MAC – Media Access Control
DHCP – Dynamic Host Control Protocol
IP – Internet Protocol
*In Windows, you can find your computer’s MAC address by going to the windows command prompt, typing ipconfig /all and looking for the 12 character code labelled ‘Physical Address’. The IP address of your computer is labelled ‘IP Address’ and the IP address of your wireless router will be labelled as ‘Default Gateway’.