Criminals just love unsecured home Wi-Fi networks. Hackers are often on the lookout for poorly configured Wi-Fi networks that can be used for nefarious activities like information theft, hijacking or piracy.
It is not just about the potential loss of bandwidth, slowdowns or botnet attacks. Securing your Wi-Fi network can also shield you from unwelcome connections that may be using your network for illegal activities. Remember, when law enforcement traces the illegal activity, you – the router’s owner – are left being held responsible.
Here are five ways to secure your Wi-Fi router against unauthorized hitchhikers and online attacks.
1. Update your firmware regularly
With hackers constantly looking for firmware flaws to exploit, keeping your router’s firmware up to date is a must.
Updating your router’s firmware is not as hard as it sounds. Once you’re in your router’s admin page, check for a section called “Advanced” or “Management” to check for firmware updates, then just download and apply as required.
Router firmware updates require a restart so make sure you do not have ongoing activities that require a network connection when you apply the update. Make an appointment now in your calendar. You should check for router firmware updates at least once every three months.
2. Turn on wireless security
On your router’s administration console, secure your wireless network by turning on encryption. Turning on encryption means no one can log into your network without the password.
Every router has a different menu layout, but you should be able to find encryption this under the “Wireless” or “Security” menu.
You’ll have a number of encryption options, but you want to select one that starts with “WPA2”.
“WPA2-PSK AES” is the newest and most secure. If you have older Wi-Fi gadgets, you might have to select the hybrid option “WPA2-PSK AES + WPA-PSK TKIP” to get them working.
If the only encryption options your router has are WEP or WPA, tell your router to check for a firmware update. Look in your manual for the instructions.
If there’s no firmware update or your router updates but you’re still stuck with WPA or WEP, it’s time to buy a new router. These encryption methods are too unsafe to use, plus it means your router is probably more than 7 years old.
3. Change your passwords
When you installed your router, did you remember to do this one critical step – changing its default administrator password?
Maybe you’re thinking you don’t need to protect yourself with a password because no one lives nearby. Or maybe it’s wired, not wireless, so you’re thinking you’re not in danger.
Both those assumptions are wrong. If you have not secured your Wi-Fi network properly, anyone can walk or drive up to your property and use your signal, and you don’t know what they’re using it for. Plus, even wired routers connect to the internet, so they are vulnerable to hackers.
Basically, if someone other than you can get in your router’s admin page, then he/she can change any setting they want.
Additionally, maybe you don’t have a guest network set up and you keep giving away your Wi-Fi encryption password to friends and visitors, it’s wise to reset that password regularly. It’s a pain to set up all your gadgets to your network again but this simple change purges everyone who shouldn’t have access to your Wi-Fi.
4. Hide your network name
If you’re worried about “wardrivers” or people roaming around looking for Wi-Fi spots to hack, you can disable the broadcasting of your network and your guest network’s name (SSID) entirely.
With this method, your guests will have to get both network name and password from you and type it manually to connect to your Wi-Fi network. It’s a bit more work but at least it gives you another layer of protection against casual snoopers.
To do this, on your router’s admin page look for an advanced setting called “SSID broadcasting” then turn it off.
5. Turn on MAC filtering/Assign static IP addresses
To keep a tighter rein on what gadgets can connect to your Wi-Fi network, you can try these additional tricks.
First, disable the DHCP server of your router. DHCP assigns IP addresses to your network’s gadgets automatically and turning this off means you will have to assign static IPs. The downside of this method is the inconvenience and it takes a bit of technical skill to pull this off. The good thing about this is that you’ll have a map of all your connected gadgets and their corresponding IPs.
To take this a bit further, turn on MAC (Multimedia Access Control) filtering. With MAC filtering on, you can specify which MAC addresses will be allowed to connect to your network.
If you can recall, a MAC address is a unique code identifier that is assigned to each gadget’s network interface. MAC addresses can usually be found in the gadget’s settings, label or manual. Look for a set of 16 alphanumeric characters. (Here’s an example of what a MAC address will look like: 00:15:96:FF:FE:12:34:56 )
Again, the downside with MAC filtering on is that you’ll need the MAC addresses of all the gadgets that will be connecting to your network, including your guests’ and visitors’ gadgets.
Bonus: Turn on your guest network
There is another simple way to protect your more critical personal devices, like your personal computers, smartphones and tablets, from untrusted gadgets. Just put them on a separate network that’s different from your main one.
You can do this by setting up a completely different Wi-Fi router or by simply enabling your router’s “Guest Network” option, a popular feature for most routers.
Guest networks are meant for visitors to your home who might need a Wi-Fi internet connection but you don’t want them gaining access to the shared files and devices within your network.
This segregation will also work for your smart appliances and it can shield your main devices from specific Internet-Of-Things attacks.