How to Secure Your Wi-Fi Network
It seems that we live in the wild west of internet security these days. Tools are easily available to any teenager or computer user who wants to hack, and computer breaches are in the news almost every day. Finding a how-to article on the internet is simple for anyone who’s looking. So then how do you protect yourself from these threats? The answers we’ll provide are simple, practical and easy to follow if you have a few minutes to spend.
Understanding the Threat
Wireless networks are tempting to computer users. Some see them as a puzzle to be cracked, others see them as free internet access, and some hackers are looking to gain financially from stealing your private information, or to gain an advantage over their competition through corporate espionage. Whatever the reason, it’s important to understand that the threat is real and persistent.
Wireless networks are always broadcasting, which makes them sitting ducks. It’s easy to target a system that is always available. Whether the SSID is being announced or not, simple tools exist that can identify any wireless network in the area. With a system like this running at just about every household in your town, hackers and neighbors alike don’t have to search very long before they find a target.
Consider Your Needs
When people buy wifi equipment, a lot of them want to maximize the technology: the performance, the range, the number of devices connected and so on, so they can get the most for their money. After all, who would want to underutilize something they just invested a small fortune in?
While you are making the new wifi reach every corner of your house and serve blazing internet to each of your devices, aren’t you also offering more accessibility to the hackers outside your system? Few people understand how wifi is hacked, so they hear about the threat but don’t really know how it works or how their own actions can contribute.
From a security perspective, I advise that wifi is for devices that cannot operate without it. The more devices that talk on the wireless network, the easier the network is to hack. Each device talking on the network authenticates itself to the base station and reveals vital information during the process. The more devices that authenticate, the more chances hackers have to break the encryption. With special hardware, hackers can send a disconnect signal to the devices, forcing them to re-authenticate, and this can be done as many times as necessary until they’ve broken the connection. The more devices that have to reconnect, the more data the hacker can sample and use to crack the wifi password.
Take Back Control
There are some steps you can take to protect your network, but one of the simplest is to turn off the WIFI when you aren’t using it. From an IT perspective people like to have devices ready to use at the touch of a button, but if you spend two hours at home every day and ten hours at work, do you need your computers and wifi available to hackers ten hours a day? Shorten the window of availability and you’ll dramatically decrease your odds of being hacked.
The first step when setting up a network should be changing the default username and password. Most amateur computer users know how to look up the defaults quickly and easily, so this is critical. Even worse, Netgear, Linksys, Belkin, etc. have used the same passwords for over a decade in many cases.
Now that you’ve set the administrator credentials, you’ll want to pick a random, complex wireless password for your network. It should be at least 12 to 16 characters, including symbols, numbers, lowercase and uppercase letters. The more complex and random the password, the better protected you’ll be against brute force attacks that use dictionaries and previously stolen passwords. For help creating a complex password you can use our free tool here.
We recommend a password rotation. This means changing your passwords on a frequent schedule. Try to find a schedule that works for you. Unfortunately, most people don’t change their passwords, which leaves them vulnerable for years. A little bit of time spent changing passwords regularly can dramatically improve the security of your network and reduce the odds of being a victim.
The network SSID is the wireless network name that is broadcast when your wifi is turned on. This is the name that you select to connect to your network. We also recommend you pick nondescript names that do not draw attention. The more descriptive the name, the more likely someone driving by can identify you, or see it as an interesting target for drive-by hacking.
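One way to produce a password that meets these rules, as an added example (this is not the free tool mentioned above; the symbol set and the function names are assumptions chosen for illustration):

```python
import math
import secrets
import string

# Character classes named in the article: lowercase, uppercase, numbers, symbols.
# The symbol set is an assumption: quotes, backslash and space are left out
# because some router admin pages and device keyboards handle them badly.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&()*+-.:;<=>?@[]^_{}~"]
ALPHABET = "".join(CLASSES)


def generate_wifi_password(length=16):
    """Return a random password of `length` characters containing every class."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    if length > 63:
        raise ValueError("WPA/WPA2 passphrases are limited to 63 characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps every accepted password equally likely,
        # unlike forcing one character of each class into fixed positions.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Upper bound on the entropy, in bits, of a password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_wifi_password(), f"(~{entropy_bits(16):.0f} bits)")
```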
ACL: Access Control Lists
The next step is enabling MAC address filtering in your router. This makes things more challenging for hackers, requiring them to have a higher skill set to break in. If you have ACL implemented, the attacker would first have to identify the MAC addresses of authorized devices, which requires more experience than amateur hackers have, and then impersonate one of those devices before they could start attacking the network.
I need to point out that this won’t stop experienced hackers, but it could make your network more trouble than it’s worth for a drive-by. However, if you are being specifically targeted by someone who knows you or was hired to steal your data, you’ll need additional steps to protect yourself.
Disable WPS and Guest Networks
WPS was a feature designed to make quick setup a breeze for home network devices, but it turns out there were too many flaws and it’s easily hacked even by novice hackers. This feature should be disabled at all times.
Guest networks are a nice idea, but do you trust your neighbors or the guy parked out front of your house? Do you really want to give away access without requiring a password?
All of these steps make your network a more difficult target, but they aren’t perfect. We know that given enough time and patience you can guess a password, or find tools that can speed up the process. Unfortunately, we have to protect a complicated system and the hacker only has to find one vulnerability. Their job is a lot easier than ours.
To increase your protection, there isn’t much more you can do with the wireless network itself, but you can treat it as a public system instead of a private network. Consider that wifi is always broadcasting your data over the air, which means anyone listening can potentially receive your data. Your home wifi is about as private as the internet access at a local coffee shop.
SSL: Secure Sockets Layer
Browsing the internet safely requires you to check SSL on the websites you are visiting. You want to make sure the padlock is visible in the address bar for any websites you browse. The padlock ensures your data is encrypted and not being openly transmitted as plain text. This is critical when visiting banking websites or making purchases online.
VPNs: Virtual Private Networks
For an added layer of privacy and security we recommend a VPN service like ProXPN to securely encrypt all of your internet traffic. A VPN allows you to create a secure tunnel from your local computer or device to a location far away where your information isn’t being tracked. Services like ProXPN let you choose from dozens of geographic locations and countries, so you’ll connect from your home but your internet access will actually be in the country or city of your choosing.
A good VPN like ProXPN can protect all the services on your computer, including email, Skype, instant messaging, and gaming. It isn’t just limited to web browsing. It’s important to consider this solution if you are worried because it protects all of your online data. If a hacker is spying on your network, they will only see highly encrypted communications between you and the VPN service, but they won’t have a chance of decrypting your data. This is how most professionals choose to secure themselves.
I’d be remiss not to briefly mention that Tor is not a secure way to protect your data. It’s a tool for anonymous browsing, but your data is visible to the endpoint nodes where you access the internet. Because Tor is used for anonymous access, it is favored by novice hackers and criminals who illegally download movies and music or buy other illegal merchandise, and by some legitimate computer users who are researching sensitive topics that they may be persecuted over. The Tor network is not a safe place for most users and commonly leads to infecting their machines with viruses, malware and ransomware.
More Sophisticated Attackers
A brief disclaimer: This guide isn’t intended to protect you from law enforcement or government surveillance, which can use specialized tools to decrypt or track you. They still have to use the same techniques as other hackers, but they tend to have a bigger budget and can afford nicer tools than the average person. I’ve heard some statistics lately indicating that encrypted data such as VPN or SSL traffic can take several weeks to crack on dedicated systems.
There are some more sophisticated attacks against networks, IoT devices and wireless that aren’t mentioned here due to complexity. One rule to live by is not to take unnecessary chances. When you’re in doubt you can always disconnect, or turn off your computer, device or wifi. If you see multiple wireless networks that look familiar but seem to be showing up in the wrong location, or your wireless seems unusually slow, sometimes it’s best to turn things off for a while and take a break.
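A check for the familiar-looking networks described above, which also flags the WPS and open guest network settings from the earlier section. This is an added example, not part of the original article; the scan format, the network names and the MAC addresses are constructed for illustration.

```python
import csv
import io

# Constructed sample scan (not the output format of any real tool):
# columns are SSID, BSSID (access point MAC), security mode, WPS advertised.
SAMPLE_SCAN = """\
HomeNet,a0:b1:c2:d3:e4:f5,WPA2,no
HomeNet,02:11:22:33:44:55,OPEN,no
HomeNet-Guest,a0:b1:c2:d3:e4:f6,OPEN,no
Neighbour,10:20:30:40:50:60,WPA2,yes
"""

# Assumed inventory: the SSIDs you own and the BSSIDs of your own access points.
MY_NETWORKS = {
    "HomeNet": {"a0:b1:c2:d3:e4:f5"},
    "HomeNet-Guest": {"a0:b1:c2:d3:e4:f6"},
}


def audit_scan(scan_text, my_networks):
    """Return (ssid, bssid, finding) tuples for networks using our SSIDs."""
    findings = []
    for row in csv.reader(io.StringIO(scan_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ssid, bssid, security, wps = (field.strip() for field in row)
        if ssid not in my_networks:
            continue  # someone else's network, nothing to audit
        bssid = bssid.lower()
        if bssid not in my_networks[ssid]:
            # Our name broadcast by hardware we do not own: a lookalike network.
            findings.append((ssid, bssid, "unknown access point using our SSID"))
            continue
        if security.upper() == "OPEN":
            findings.append((ssid, bssid, "no password required"))
        if wps.lower() == "yes":
            findings.append((ssid, bssid, "WPS enabled"))
    return findings


if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN, MY_NETWORKS):
        print(finding)
```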