Wireless routers let you share your Internet connection and files among all your computers — without wires. You can surf the web from the lazy chair, the deck, or wherever the signals reach. However, you need to make sure your neighbors aren’t taking advantage of you. Without securing your router, anyone within range can steal your Internet connection, see what websites you’re visiting, and possibly access your files.
It’s important to understand that securing your Wi-Fi signals is possible. Don’t let security worries stop you from enjoying the freedom of wireless connectivity. In this article, we’ll discuss tips to properly secure your wireless router. If you follow these guidelines, you won’t have to worry about your files being accessed by strangers, your credit card information captured from the airwaves, and other bad scenarios you might think up. You can sit back and enjoy.
Without further ado, follow these tips to lock down your Wi-Fi network:
Use Encryption — Preferably WPA2
By default, the information that travels to and from your wireless router and your computers is in clear-text, so people can snoop on what you are doing and see sensitive information. Additionally, by default, anyone can connect to your network. However, you can scramble the information that’s sent over the airwaves by using encryption. This would also password-protect your network so others can’t connect.
The Wi-Fi Protected Access (WPA/WPA2) encryption standards have replaced the Wired Equivalent Privacy (WEP) standard. WEP was cracked long ago and doesn’t provide adequate Wi-Fi security. It can still help keep average Wi-Fi users off your network; however, in some cases the WEP keys can be cracked within minutes by hackers. Thus, if you don’t find the router and all the wireless adapters in your computers support WPA/WPA2, you should still at least use WEP encryption. But you should first try to upgrade the drivers of the old wireless adapters and/or upload any firmware updates to the router. You might also have to install a Windows update on XP or older Windows versions. Then if the newer encryption standards still aren’t supported, buy replacements as soon as you can.
The first WPA version, which uses a different way to encrypt/decrypt than WPA2, has also become vulnerable recently. However, right now the vulnerabilities exist only on networks that have a poor encryption passphrase/key. Additionally, it’s not a big deal since if your networking gear supports WPA, it probably supports WP2.
To recap, first try to use WP2 encryption; if that’s not supported, try WPA; as a last resort, use WEP.
Use Strong Encryption Keys
Simply enabling encryption is a huge step toward making your Wi-Fi network safe. However, you can make it even more secure if you create and use a strong encryption passphrase/key. For WPA passphrases, this means using both upper and lower case letters, numbers, and punctuation (any ASCII character), up to 63 characters long. For example, f8!U&1:C>0x;5i*wU2^bQ9(dJ4f#9v is tremendously more secure than using mynetpass for the passphrase.
Save Your Encryption Key
The encryption passphrase/key must be entered into each computer you want on the network. So when you get new computers, or if Windows forgets it, you’ll need to know the key. Thus, make sure you save the key in a safe spot. You can write or print it on a small piece of paper and tape it under the wireless router. You might also save it in a text file and copy it to each of your computers, in your My Documents (or just Documents in Vista) folder. Therefore if you have a complex passphrase, as suggested, you can just copy and paste it into the prompt when connecting to the network. This is especially a life saver when you are first configuring the computers with a complex key. Instead of manually typing it in for each computer, save it to a flash drive and take it around to each computer, so you can copy and paste it. If you don’t have a flash drive, you could connect all the computers up before securing the router, distribute the key using file sharing, and then enable encryption.
Don’t Connect to Other Networks
On desktop computers that stay in the home, make sure you don’t connect to any other wireless networks. This is because you’ll probably have folders shared on the computer, and if you connect to another network, people from there might be able to access your files. Additionally, connecting to a network in XP automatically adds the network to your network profile list — more on this in the next tip.
Periodically Check Your Network Profile List and Settings
Since any network you connect to can be added to your network profiles or preferred list, either by you or automatically by Windows, you should periodically check for other networks and remove them from the list. This is because Windows might try to automatically connect up with that other network sometime. As discussed in the previous tip, this compromises any shared files on the computer. You also want to make sure you don’t have the network settings on any Windows XP computers set to automatically connect to any available network.
Use a Firewall
If a computer is ever connected to a network or the Internet, it should always have a firewall installed and running. This filters what type of traffic is allowed into the computer, thus stopping hacker attempts — if properly configured. Since Windows XP, Microsoft has included Windows Firewall by default. From the Control Panel, open the firewall settings and make sure it is enabled. Plus, make sure any exceptions that are checked are for legitimate programs and are necessary. If you have a third-party firewall installed, such as an anti-virus package, you probably want to disable Windows Firewall, or vice-versa, so only one is active.
Keep Hardware Updated
Most software and hardware developers release updates to their products to patch security holes, fix bugs or issues, and possibly add new features. So you should make sure you keep all your networking gear and computers updated. The brain of your router is called firmware, which is a file you can download from the vendor’s website and upload to the router. The intelligence behind a network adapter is called a driver — a file you download and install on Windows. Last but not least, you need to keep Windows updated.
Grant Access Only to Your Computers and Devices
Every computer or device that can connect to a wired or wireless network has a serial number, called a MAC (or physical) address. Devices use this address to identify themselves on the network. Thus the router can deny/approve access to your network by the addresses of devices that try to connect, known as MAC address filtering. Wi-Fi hackers can spoof the MAC addresses of their wireless adapters; however, this can be another layer of security. You just never want to rely solely on this to secure your network. If you want to give it a try, you can input a list of your device addresses into the MAC address filtering page of the router’s web-based configuration utility. Just remember, if you get a new device, or a friend brings a laptop over, you must input their address on the list, too.
“Hide” Your Network
Wireless routers, by default, broadcast their network name (SSID) so it will show up on the network list of Windows and other wireless utilities. However, you can disable the broadcasting and manually enter the network name into Windows and any other devices. Since someone must know the name in order to connect, this technique helps prevent hacking attempts. Like with MAC address filtering, hackers can also get around this roadblock, but it serves as another layer of security.
Remember, Wi-Fi security is all about layers, where encryption is the first protective barrier. Once you have your signals scrambled, you can enable other security features. Plus, you should always be careful and follow the other guidelines we’ve discussed.