Today, most of us have a WiFi router in our home to provide internet access to all the family. In an apartment building, the router’s signal extends into neighboring apartments. So in this situation, we all need to secure WiFi router from being hacked by bad guys.
Having an open wireless network can be a security risk as it may allow anyone who is close enough to your router to access your network. Unlike physical networks, WiFi systems can extend beyond the walls of your home. Once the password for access gets out in the world, it is very difficult to control who can access your home network. Therefore, you need to do something that protect you from intruders, snoopers, and hackers.
Secure WiFi Router
Actually, we have two major security issues to deal with. The first is that we need to control who can actually access our network. The second problem is that of the signal footprint. If people outside our home can pick up a signal from our router, they can also capture data and gain all of our passwords.
In order to secure WiFi router, consider the below suggestions. Here are some simple but important tasks that would help you secure WiFi router.
1. Keep the Router Firmware Up to Date
Some routers bury firmware updates deep in their settings menus. Some might even notify you about a new firmware update the moment you log into their apps or web-based user interfaces.
Normally, the router manufacturer should update the firmware on your gateway automatically. However, just as you should make a monthly schedule to change the wifi password, you should also regularly check for updates. The router console should include this option. If not, make it a habit on the first of the month to check the router manufacturer’s website for any updates and install them if they are available.
2. Use a Firewall
Firewall helps add an extra layer of security to your network. Many routers have a firewall that can be enabled. It checks data coming into and going out and block any suspicious activity.
If the software firewall isn’t sure about a particular program it can ask the user what it should do before it blocks or allows traffic.
Most firewalls use packet filtering, which looks at the header of a packet to figure out its source and destination addresses. This information is compared to a set of predefined or user-created rules that checks whether the packet is legitimate or not. Also, it checks whether it’s to be allowed in or discarded.
3. Enable MAC Authentication for Your Users
You can limit who accesses your wireless network by only allowing certain devices to connect to it. Each wireless device will have a unique serial number known as a MAC address. MAC authentication only allows access to the network from a set of addresses defined by the administrator.
This prevents unauthorized devices from accessing network resources. Moreover, it acts as an additional block for hackers who might want to penetrate your network.
Unfortunately, it is possible to spoof a MAC address. But an attacker must first know one of the MAC addresses of the computers that are connected to your Wireless network before he can attempt spoofing.
In order to enable MAC address filtering, first you need to make a list of all devices you want to connect to your WiFi router. Find their MAC address and add them to the MAC address filtering in your router’s administrative settings. You can find the MAC addresses of wireless mobile phone and other portable devices under their network settings. This will vary for each device. For finding the MAC address for your computers you should open Command Prompt and typing in “ipconfig /all.” Therefore, it will show your MAC address beside the name “Physical Address”.
4. Change Default Password
Make sure the router password is not using the default password. If the default password is being used, it can be easily guessed and give someone access to your router.
If you are still using “admin / admin,” “admin / password,” or some variant of generic words to log into your router, change that. This will prevent others from accessing the router and you can easily maintain the security settings that you want. A person would be able to change your router settings, including viewing any security keys, by accessing to the router setup.
5. Use a Secure WPA Password Not WEP
Many routers today will offer two or three different security schemes: WEP, WPA, and WPA2. We recommend WPA or WPA2 security since it is more secure than WEP. However, with some older devices, such as gaming consoles, TiVo, and other network devices, WEP may be the only security option possible to use. Actually, using WEP is still better than no security at all.
Passwords that are protected with the WEP encryption are a lot easier to attack than those encrypted with WPA2. Keep in mind that even WPA2 security standard is unlikely to defend a skillful hacker or hacking group. Generally, whatever you do, don’t run an open (password-free) wifi network.
6. Change the Default SSID Name
The SSID is the name that identifies your wireless router. By default, many routers will use the name of the router as the default SSID. For example, Linksys routers use ‘Linksys’ as the SSID. Using a default SSID is a security risk, because it identifies the brand of the router. It would help an attacker find a way to exploit vulnerabilities in the device.
Also, when naming the router, do not use your family’s name or any other personally identifiable information. For example, if the SSID contains your family’s last name, it can be identified by any neighbor that knows you.
Generally, changing the SSID name of your network is a good idea as it will make it more obvious for others to know which network they are connecting to. The setting is usually under the basic wireless settings in your router’s settings page. Once this is set, you will always be sure that you are connecting to the correct Wireless network even if there are multiple wireless networks in your area.
7. Enable Network Encryption
You need to encrypt your wireless signals. You should do it in order to secure WiFi router and prevent other computers in the area from using your internet connection.
To enable encryption on your Wireless network, open the wireless security settings on your router’s configuration page. This will usually let you select which security method you wish to choose. As It mentioned earlier, if you have older devices, choose WEP, otherwise go with WPA2.
8. Reduce the Range of the Wireless Signal
You can decrease the signal range by either changing the mode of your router to 802.11g (instead of 802.11n or 802.11b) or use a different wireless channel. You can do it in cases that your wireless router has a high range but you are staying in a small apartment.
Also, you can try placing the router under the bed, inside a shoe box. Or you can wrap a foil around the router antennas. So that you can somewhat limit the direction of signals.
9. Provide a Separate Network for Guests
This is another way to secure WiFi router. If you want to allow visitors to use your WiFi, it’s necessary to offer a guest network. This means that they can connect to the internet without getting access to your company’s or family’s internal network. This is important both for security reasons, and also to prevent them unknowingly infecting your network with viruses or other malware. One way to do this is by using a separate internet connection with its own wireless access point.
The premise of a guest network is great. Your router automatically sets up a second SSID for friends to use. Any device connecting to it is walled off from other devices on your primary network, either plugged into your router directly or connected wirelessly. Also, you should turn on WPA protection on your guest network rather than leave it open.
10. Hide Your Network Name
To help make finding your wireless network easier, wireless routers broadcast your SSID. Actually, it means anyone looking for a wireless router could see your SSID. To help make it more difficult for someone to find your network when browsing for a wireless network, you can disable the SSID broadcast feature.
However, when disabling the SSID broadcast, you have to know the name of the network before you can connect to it. So you should manually enter your router’s unique SSID when wanting to connect any new device to your network.
Note that hiding your SSID should never be the only measure you take to secure WiFi router. Hackers use WiFi scanning tools which can find out your network and its SSID even when it is set to “hidden.”
Security is all about providing multiple layers of protection. By hiding your SSID you may avoid attracting the attention of hackers. So it is a simple measure that is worth taking.
11. Turn off Remote Management
The console of a router should only be accessible from devices connected to the network. This means that you can access the console over the internet, from another location. Unfortunately, if you can do that, so can anyone else. So, turn off remote access. If you never plan on remotely administrating your network, we recommend disabling remote administration. It is often disabled through the “Administration” section, with routers that support this option.
Referring to what we mentioned, MAC Address filtering with WPA2 encryption is probably the best way to secure WiFi router.
Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices. In this way, they all can connect to the WiFi network. You can select to have your computer automatically connect to this network. So you won’t have to enter the SSID, or other information every time you connect to the Internet.