Tips on Wireless Networking for Home Security, for Both the Novice and the Power User
written by: Zack Jones•edited by: M.S. Smith•updated: 5/20/2011
Have you ever wondered how hackers manage to get into some people's computers through their wireless networks? Find out about simple & advanced ways to keep them at bay.
slide 1 of 5
It is hard to overstate the seriousness of the risks involved in the use of the wireless networking technology. An average hacker can easily steal sensitive information (such as passwords, credit card numbers and even bank account details), simply by intercepting your internet traffic. The latter can grant the deliquant access to your computer, with all that this can imply. Even identity theft is not uncommon these days and it is not improbable if your wireless network is vulnerable to the hacker's whims. Here are some tips to help you avoid these risks.
slide 2 of 5
Some Basic Tips of Wireless Home Security
1. Avoid using open (unsecured) wireless networks. Naturally, if you are at home you'll probably make use of your own network but you may still be tempted to use a neightbor's WiFi if it's open. Doing so can be quite risky though because such networks are open to everyone, even hackers who may be monitoring the wireless traffic, waiting for you to use a password or some private data that they can use to their advantage.
2. Turn off your wireless network if you don't plan to use it for a while. This way, not only do you save on electricity, but also reduce the risk of network attacks by a large factor. For example, if you go away on a long vacation, you won't be able to tell if someone has compromised your WiFi's security and may return home to a nasty surprise, but by simply pulling the plug off your router you eliminate this problem.
3. Change the default administrator password of your network and, if possible, the usernames too. Hackers are often familiar with the factory settings of various modem/routers, so by leaving them as they are you are practically leaving your door open to intruders. Changing the password/usernames is relatively simple and can be done by accessing your router's configuration. Also, it is a good idea to change the password periodically, e.g. every 2 months or so. Also, try to use a sufficiently strong one by mixing various character types, along with numbers is a big plus. For more information on this you can read a specialized article.
4. Turn on WPA / WEP Encryption. WPA is quite stronger but if your network doesn't support it, WEP is better than nothing. Secured networks can be identified when someone looks around and simply the existence of an encryption protocol is often a deterrent to many amateur hackers.
5. Enable firewalls on every computer in your network as well as on the router. A good firewall software (or external device) can really do wonders here, since this security measure contains signatures of most network attacks and can identify a hacker on the spot. This is a must-have in every network, particularly a wireless one and especially if you use MS Windows operating system. It usually takes more work to set up this security layer but it's worth the effort.
6. Turn off your wireless network interface. If you have a laptop or some other mobile device that you use in public, you should have the wireless network interface turned off by default. It's best to turn it on only when you really need it, in order to connect to a wireless network. For more information about wireless security on laptops, you can refer to this specialized article.
7. Disable remote network administration. Most WLAN routers are capable of being remotely administered through the internet, to make it more convenient for the person in charge of the network.If you are the only person who can use this feature, it is great, but unless you have defined a specific IP address for that taks, almost anyone on the web could seek out and gain access to your router. So, it is recommended that you disable this feature (if it's not turned off by default).
slide 3 of 5
A Few Tips for More Advanced Users
8. Change the default SSID code. All routers / access points make use of a network name called the SSID. Normally a manufacturer ships all of his products with the same SSID set (e.g. the SSID for devices of the Linksys company is normally "linksys.") Even though the knowledge of the SSID alone doesn't by itself enable a hacker to break into your WiFi, it is a starting point. More importantly, when a hacker finds a default SSID, he concludes that it's a poorly configured network and is far more likely to attempt to hack it. So, it's best if you change the default SSID at once when you configure the wireless security settings on your WiFi. While you are at it, you might want to disable the broadcasting of this code as well. Disabling the broadcasting of your WiFi's SSID code is like having it operate in stealth mode, making it virtually invisible to the amateur hackers.
9. Assign static IP addresses to your network's devices. Usually most routers assign dynamic local IP addresses by default. This is often quite convenient but also helps the hackers, who can acquire valid IP addresses for their computers from your network's DHCP pool. So, it's best to turn it off on your router and set a fixed IP address for all the computers that access your WiFi and any other device (e.g. PDA, iPad, etc.). You will need to configure each one of these devices as well, but that's a one-time task. It is recommended that you a private IP address range (such as 123.0.0.x) to make it more difficult for unknown computers over the internet to reach your devices.
10. Use MAC filtering for access control. This is somewhat different to IP addresses, as MAC addresses are unique (similar to a book's ISBN) so by using these filters you can limit access to your network to only the systems you want. To set up MAC filtering, just enter your router / access point and look for the MAC address of every system connected to it (every one of these addresses is 12 characters long). This can be an irksome process if you have a large network, but it can pose as a good deterant to potential hackers. Keep in mind though that even this security layer is not entirely fool-proof, as experienced hackers can still find ways to imitate MAC addresses.
11. Monitor your WiFi for intruders. It is best to keep an eye open for unusual patterns in your network activity, to ensure that there are no network attacks. The more you know about what WiFi hackers are trying to do to your network, the more effective you'll be in defending against them. You can collect logs on scans and access attempts, and apply any statistics-generating application to exctract more useful information from those logs. You can even set up your logging server to send you an email if something really irregular takes place.
slide 4 of 5
Your wireless networking can easily be made safer by following the tips mentioned previously. Even if you don't apply every single one of them, you can still improve your chances of staying safe significantly. Most WiFi hackers are opportunistic, so if they see that your network is not an easy target, they are more likely to move on to the next potential victim. Of course, the more your learn about wireless home security, the better prepared you can be against even the more skilled cyber-robbers. If you want to learn more about this topic, you can check out this article on wireless network security.