Wireless technology has never been more popular, as evidenced by the vast number of wireless electronic devices that can connect to the Internet or local network. The freedom that this technology affords is quite appealing to most. It is liberating to access files, play music, watch videos, or communicate with others online without being tied down to one desk in your home or office. As with most technological conveniences, however, this freedom comes at a higher cost. With all of this information zipping back and forth through the air, how do you protect your network from hackers or nosy neighbors? Here are some simple steps to get started.
Note: This article is geared towards a home or small office network. Many of these ideas can be used for larger businesses, however.
1. Change the default username and password on your router
Routers come with a default username and password. Cybercriminals love default settings. Fortunately, changing the login info is easy. Just access your router (by using a web browser and the router’s IP), find the login settings, and change the defaults to something unique. Concerning the password, make it fairly complex (like bUnn1es@reCute1324). Internet villains have some powerful tools at their disposal, so do not make it easy for them. You probably will not access your router that often, in which case you will not have the chance to memorize your username and password. Therefore, make sure you write them down and store them someplace safe!
2. Change the SSID (also known as Wireless Network Name)
If your router uses a default SSID (like “linksys” or “netgear”), change it. The default Pre-Shared Key (PSK) may be based on this default name, making it easier for cybercriminals to break in. If they see a list of network names, they are more likely to try to hack the ones with a default name in hopes that the PSK has not been changed. If this is the case, the network name is essentially providing a portion of the wireless password, and the bad guys can run software that attempts to obtain the rest of it.
This step may not apply to newer routers that come with a unique SSID and PSK out of the box, but it will not hurt anything to change those as well. Also, if you set a long, complex PSK (see step 3 below), you will make it incredibly difficult to hack in, even if you are still using a default SSID. Still, if you can deter a hacker just by changing the SSID, why not do it? Another benefit of having a unique name is that it ensures you will not share a default SSID with a neighbor, which could cause confusion.
3. Enable WPA2 security and set a strong passphrase
This is probably already enabled on your router, as WPA2 has been around for quite some time, but you should check it to make sure. The older security protocols (WEP, WPA) have been around a lot longer and have some serious security flaws. WPA2 is not airtight, but it is the best option to use at the moment. Once you have enabled this feature, set a strong, unique PSK passphrase. As an example, something like “dGup@158$*Pld” would work splendidly. Just make sure you write it down and store it in a safe place!
This example may seem excessive, but a weak passphrase can be more easily cracked by a brute-force attack (using software that repeatedly tries various passwords until one of them works). It is best not to take chances when it comes to security. As always, changing your password/passphrase periodically is a good practice.
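Steps 2 and 3 work together because WPA2-Personal derives the actual network key from the passphrase and the SSID. The Python sketch below is an added example, not part of the original article: it performs that standard derivation (PBKDF2-HMAC-SHA1 with the SSID as salt) and flags a default SSID or a small passphrase keyspace. The SSID list, the "HomeNet-7f3a" name, and the 80-bit threshold are assumptions chosen for illustration.

```python
import hashlib
import math
import string

# Constructed list of factory names; "linksys" and "netgear" are the article's examples.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing effort, assuming every character was picked at
    random from the classes present. Dictionary words are far weaker than this."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(cls) for cls in classes if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool)

def audit(ssid: str, passphrase: str, min_bits: float = 80.0) -> list:
    """Return findings for one network. min_bits is an assumed threshold."""
    wpa2_pmk(passphrase, ssid)  # raises if the pair is not valid for WPA2
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: key shares its salt with every such router")
    bits = keyspace_bits(passphrase)
    if bits < min_bits:
        findings.append(f"passphrase keyspace only ~{bits:.0f} bits")
    return findings

if __name__ == "__main__":
    phrase = "dGup@158$*Pld"  # the article's sample passphrase
    for name in ("linksys", "HomeNet-7f3a"):  # second SSID is made up
        print(name, wpa2_pmk(phrase, name).hex()[:16], audit(name, phrase))
    print(audit("linksys", "password"))
```

The same passphrase produces a different key under each SSID, which is why a unique network name makes any key table computed in advance for a common default name useless against your network.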
4. Update router firmware regularly
As routers age, they become more vulnerable to attacks. Router manufacturers issue firmware updates that can help make your router more secure, among other benefits. There is always a risk involved in updating firmware, but it is still a good thing to do. Never update firmware when there is an above-average risk that you may lose power, such as during inclement weather. Losing power during a firmware update could turn your router into what is fondly called a “brick.” Fortunately, firmware updates do not take long to apply, so the chances of losing power during that brief time are very slim. If you have any concerns, however, plug your computer and router into a UPS (uninterruptible power supply, not the shipping company...) before attempting a firmware update!
5. Disable WPS if not needed
Wi-Fi Protected Setup (WPS) is a simple, convenient way to connect wireless devices to your network. On newer routers, you merely press a button on the router and a button on the device, and the router will automatically give the device a required 8-digit PIN; there is no setup involved whatsoever. Devices can only connect for up to five minutes after the button is pressed, which makes it fairly secure. However, some older routers may not have this feature, which makes them susceptible to brute-force attacks. With a brute-force attack, a hacker can guess your PIN in less than a day.
There are differing opinions about WPS, but the general consensus is that it is best to disable it and set up your devices manually. This is more of a hassle, but it will undoubtedly make your network more secure. If needed, check with your router’s manufacturer to see what they have done to make WPS more secure, such as adding a lockout policy to combat brute-force attacks. Some companies have ditched the term “WPS” and have come up with something else that essentially does the same thing but with more security (such as QSS from TP-LINK).
6. Deny wireless devices access to router’s web-based utility
You do not want just anyone to make changes to your router. Go into your router’s web-based utility and find where you can change who has access. It may be in “Local Management” under the “Security” tab or something similar. Do not allow all computers on the LAN to access the router’s web-based utility. Instead, input the MAC addresses for the computer(s) you will be using for access, and only allow those computers access. A really good hacker can find a way around this, but the more roadblocks that are in the way, the safer the network is. The more steps a cybercriminal has to go through, the more likely he or she is to give up and move on to another network.
7. Disable UPnP
Universal Plug and Play is a feature that is on by default in most routers. The basic premise is that it allows programs on your computer to open ports, allowing for NAT traversal when needed. The problem is that UPnP has no built-in authentication, which could pose a security threat. For instance, if you get malware on your desktop, it could use UPnP to open a port indefinitely and send information to nefarious individuals. That could never be good! There is a lot more that can be said about UPnP, but it falls outside the scope of this article. Just know that it could be an issue. If you choose to disable it, and a needed program stops functioning, just utilize port forwarding for that specific program.
8. Ensure that your router cannot be accessed remotely
This option is usually off by default, but you might as well check it while you are changing settings on your router. It can usually be found under a tab named “Remote Management.” If enabled, it allows you to access your router’s web-based utility from any device with internet access and a web browser. You still have to input your password, of course, but it is just another way for unwanted guests to try to access your network. Also, chances are that you will never need this feature.
9. Place your wireless router near the center of your home/office
Unless your wireless network is located inside a huge Faraday cage, you will probably end up with the signal bleeding out through the walls of your home or office. Placing your wireless router/access point at the center of your building, however, can lessen this problem. It may not be possible for everyone to do this, but if you do have the option, go for it! By the way, if your wireless network is inside a huge Faraday cage, you can safely ignore this entire article...
10. Get a new wireless router
If you have an old router that does not utilize modern security protocols or for which the manufacturer no longer produces firmware updates, it may be time for an upgrade. Yes, this involves spending money, but it may be necessary to maintain proper network security. An unsupported router is just like an operating system that is no longer supported by its maker: it becomes more vulnerable to cyber-attacks.
Experts recommend replacing your router every 4-5 years, even if it seems to be functioning just fine. For one thing, it is better to replace it while it is working than to wait for it to quit and then have to buy a new one. When there is no rush, you can research routers to find the best option for your budget and network needs. If your router goes down, you will probably run down to the local Buy More (fictional) and hastily grab the first router you see!
There is a lot more that can be said about wireless security, but these are some simple changes you can implement to make it tougher for unwanted individuals to access your network. If you are interested in how EIT Networks can provide network security, 24/7 monitoring, and many other services for your business, call 1-866-BIT-WISE or email us at email@example.com.