Securing your Home Wireless Network

RouterWhen leaving home, you wouldn’t leave the door wide open – you would shut it and lock it. The same principle needs to be applied to your home wireless network. Without any security in place, you are basically leaving the door to your network wide open for anyone to come in. This article outlines some steps you can take to ensure your home wireless network is configured securely.

Unauthorized individuals can gain access to your home network if you do not apply appropriate wireless security settings, leading to sensitive personal or company information being exposed and even your identity being stolen. Alternatively, your internet connection could be used to perform illegal activities, leaving you accountable.

Configuring your Router

To secure your home wireless network, the wireless router will need to be configured. Usually, the router is provided from your Internet Service Provider or the manufacturer with minimal security in place, if any at all. This is more often than not the way your ISP will want it to stay, as it is easy for them to troubleshoot when you call for future support, but this also means that your wireless network may be completely insecure.

Before making configuration changes; always have a copy of the router manual to hand for direction and a paper clip. The paper clip can be used to insert into the reset hole on the back of the router should a reset back to factory settings be required at any point. Always connect to the router using a cable when making configuration changes, as if changes are made wirelessly, connection to the router will likely be lost during configuration.

Minimum Security Controls

The following controls are considered the minimum security controls you should take to help secure your home wireless network. 

PadlockEncrypt your network – ‘WPA’ (not ‘WEP’)
- Encryption ensures all data flowing across your network is scrambled and unreadable to individuals who may attempting unauthorized access.
- Ensure the type of encryption selected for use is ‘WPA-AES’ or ‘WPA2’ and your chosen password is at least 8 characters and not a dictionary word, name or date.
- Never use ‘WEP’ encryption unless absolutely necessary as it is not secure. WEP encryption is commonly the default encryption on routers provided by Internet Service Providers and should be changed to something more secure.
 
 
WirelessNameChange the name of your network
- The default name given to a wireless network is commonly the name of your Internet Service Provider (e.g. Bell) or the router manufacturer (e.g. Linksys).
- This gives an attacker clues as to the router being used and its typical default configuration which may make your network a target of attack.
- The name of your network is often referred to as an SSID in your router’s configuration screen and should be changed to something insignificant and without meaning.
 

Login

Change the router’s default access credentials
- Routers commonly ship without any access password or a default username and password of something like username: admin, password: admin.
- By leaving these defaults in place, you are making it easy for anyone who has accessed your network to then access your router and make configuration changes.
- Change the default username and password, ensuring the password is over 8 characters and contains a mix of uppercase, lowercase, and numbers as a minimum.

 

Recommended Security Controls

The following controls are considered additional recommended security controls you can take to further increase the security of your home wireless network.

CentralizeCentralize the position of your router
- Wireless networks commonly emit signals in a radial fashion from the location of the router.
- If the wireless router is placed next to an external wall; the signal will leak outside, making it easier for unauthorized individuals to detect it and increasing the risk of attack.
- If you are able to do so, position your router in the center of your home to minimize the risk of wireless ‘leakage’. 
 
 
TurnOffTurn off your wireless when away
- If you are away for an extended period of time, then it is good practice to turn off your wireless network.
- This will prevent your wireless network from being accessed or used while you are away and unable to notice anything suspicious. You will also save energy!
- Many routers have a switch on the back to turn it off. On your return, simply switch the router back on and wait around 5 minutes for everything to come back online.

 

SSIDBroadcastDisable network name broadcast
- Network names (or SSIDs) are commonly broadcast by default. When checking for available wireless networks, you probably see your network and a number of others.
- By publicly broadcasting your wireless network you could be making it a target of attack.
- Select to ‘disable SSID broadcast’ to prevent your network from being displayed in the list of available networks.

 

EthernetGo wired instead of wireless
- No one can access your wireless network if you are not using wireless in the first place.
- If your computer is sitting in close proximity to the router and you have no need to move the computer around, then you shouldn’t need to connect wirelessly.
- Use a direct cable connection to the router and turn off the router’s wireless functionality. In addition to being more secure, your connection will be faster.

 

SecureFilter by MAC Address*
- All computer network cards have a unique identifier known as a MAC address.
- By only allowing specific MAC addresses to connect, you are adding another layer of security by helping to prevent unauthorized computers from connecting.
- Select to filter or restrict by MAC address and enter the MAC address for each computer that will be connecting to the network. Any connecting computer that does not have a matching MAC address in the router configuration will be denied access.

 

IPAddressDisable the DHCP service*
- By default, when you connect to your wireless network, there is a router service that will dynamically select and issue your computer with a unique network address known as an IP address. This address identifies your computer on the network.
- By disabling the IP address issuing service (known as DHCP), you add a further level of security as unauthorized computers will not automatically be granted addresses.
- Disable DHCP and manually assign each of your computers with a unique IP address.
 

Glossary of Terms:

ISP – Internet Service Provider
WEP – Wired Equivalent Privacy
WPA – WiFi Protected Access
AES – Advanced Encryption Standard
SSID – Service Set Identifier
MAC – Media Access Control
DHCP – Dynamic Host Control Protocol
IP – Internet Protocol

*In Windows, you can find your computer’s MAC address by going to the windows command prompt, typing ipconfig /all and looking for the 12 character code labelled ‘Physical Address’. The IP address of your computer is labelled ‘IP Address’ and the IP address of your wireless router will be labelled as ‘Default Gateway’.

 

 

Tagged as: , , ,

Leave a Response