Make your wireless network really secure
Securing your network beyond the password level may seem like a chore but with so many wireless devices in the hands of other people close by, you need to go a little further to ensure your privacy is kept intact.
In this guide, we'll explore some essential steps to improve the security of your home wireless network.
At the core of most Wi-Fi home networks is a router, which sends data between your wireless devices and the internet. To set up your router, you must access the administration panel through a web browser. You can change some of the settings here to protect your wireless network.
1. Update your router firmware
Older routers can develop security issues as you attach new devices to your network. Check your router manufacturer's site for a firmware update.
This will ensure compatibility with the latest devices and make sure they connect safely. Firmware updates usually involve downloading a file from the website and uploading it to your router via the administration panel. Sometimes there'll be an option in the panel to check for updates automatically.
The router must be kept switched on throughout the upgrade and you won't be able to access the internet while it's updating, so time this accordingly.
2. Disable Wi-Fi protected setup
Most routers support WPS (Wi-Fi Protected Setup). In theory this saves you the trouble of having to enter your password on every device you connect to your wireless network by pressing a special button on the router or entering a PIN. In practice this as it increases the ways a hacker can access your Wi-Fi without the password.
You can disable WPS from the administration panel for your router of choice. The steps to do this will vary depending on your manufacturer, so check with them if you need help.
3. Change default passwords
Your router shipped with a default password to access the administration panel, which is usually available from the manufacturer's website.
This makes it very easy for anyone already connected to your Wi-Fi network to access the panel themselves and change the settings. Your default Wi-Fi password is also usually written on the bottom of your router.
As soon as you get a new router, log in and choose a strong password of at least 12 characters. Do the same for the Wi-Fi password itself and make sure your network uses WPA2-AES encryption. Write both passwords down and put them in a safe place.
4. Switch off SSID and use hidden Wi-Fi networks
By default routers will broadcast the name of your Wi-Fi network. This makes it easier for opportunistic hackers to see the network and try to exploit it. You can hugely reduce the chance of this by accessing the administration panel of your router and choosing to stop broadcasting your SSID (Service Set Identifier).
In future, anyone who wants to connect to your network will need to know both its name and the password.
Take this opportunity to change the name of the network from something generic like 'Netgear' to something personal to you such as 'Crocodile'. Do not use your home address.
5. Address reservations
If you give each device on your network a static IP address, your connections will not only be faster and more reliable, but also more secure because you can easily see which devices are connecting to your network.
Devices you don't recognise will be given IPs that are not in your list of reserved ones.
6. Use OpenDNS
DNS servers are used on the internet to convert human-readable addresses such as www.techradar.com, which you enter in your browser, to machine-readable IP addresses. This helps your computer find the website in question.
Some routers are vulnerable to "DNS Hijacking", whereby your attempts to access perfectly legitimate websites instead redirect you to pages containing harmful code.
You can reduce the chance of this by configuring your router to use servers. Not only does OpenDNS check for dangerous websites, you may also find your surfing speeds are faster. There's even a parental filter to block harmful content.
7. MAC filtering
Stop unrecognised devices from gaining access by creating a list of MAC (Media Access Control) addresses for your devices. Only allow these to connect.
Look for an address filtering option in your router admin panel and enter the MAC address for each device. To find the MAC address, type getmac in Command Prompt for Windows PCs. Check the manufacturer's site for other devices.
8. Don't auto-connect to hotspots
Connecting to open Wi-Fi networks exposes your PC to security risks. To disable automatic connections to open Wi-Fi networks, click 'Control Panel > Network and Sharing Center > Manage Wireless Networks' (in the left pane) and right-click the one you want to change.
Click 'Properties > Connection' and uncheck 'Connect automatically when this network is in range'.
9. Set up a Guest Wi-Fi network
If you have visitors who need to connect to the internet, consider checking whether your router's admin panel can create a 'Guest' Wi-Fi network for them. This network will still connect them to the internet but functions separately to your personal Wi-Fi network.
If you are using a hidden Wi-Fi network, you can have the guest broadcast its name to make it easier for others to connect.
This doesn't just keep your password safe. Many routers allow you to block certain services to guests such as downloading via Bittorrent or to cap the speed of their downloads at a certain speed.
10. Use OpenWRT
Millions of internet devices are vulnerable to being hacked. Router manufacturers aren't always able to create an immediate firmware update to patch vulnerabilities for your particular model.
As the OpenWRT shares code freely, even owners of older routers may find a fix available more quickly. The OpenWRT website maintains a along with instructions of how to install their firmware. Open Source software is often more secure as experts can check it for vulnerabilities, as the makers of closed source software may forbid other people checking their code.
11. Disable Wi-Fi administration and remote access
Many routers allow you to access your administration panel via Wi-Fi but do not secure the connection with SSL. This means anyone snooping on your connection can intercept your password and access the router settings.
If your router supports the option, consider disabling wireless administration. This will mean, however, that you'll need to physically connect a network cable between the router and your computer each time you want to change the network settings.
While you're in the admin panel, make sure 'Remote Access' is also disabled. This feature allows you to change the router settings while you're away from home but it's unlikely you'll need it.