Having an open wireless network can be a security risk as it may allow anyone who is close enough to your router (e.g., a neighbor or someone war driving) to access your network. To make your home wireless network more secure, consider the below suggestions.
Tip: All of the steps below will require access to the router setup, and we also recommend configuring wireless security over a computer with a wired connection to the router if possible.
Note: Because all routers are different we cannot provide specific steps for every router. Check your router's documentation for exact instructions.
Close the network
If you have never been prompted for a key, password, or passphrase when connecting to your wireless network, it is an unsecured network. In other words, if anyone is close enough to your router, they could connect to your network. To enable security, open your router setup screen and look for a Wireless Security section. The picture to the right is an example of a Linksys router setup in the Wireless Security section.
Select the wireless security method of either WEP, WPA, or WPA2 (we suggest WPA or WPA2, which is mentioned further down on this page) and enter a passphrase to generate the keys. After enabling security on the router, any wireless device that wants to connect to the router must have the key to connect to your network.
Change default password
Make sure the router password is not using the default password. If the default password is being used, it can be easily guessed and give someone access to your router. With access to the router setup, a person could change your router settings, including viewing any security keys.
If available use WPA, not WEP
Many routers today will offer two or three different security schemes: WEP, WPA, and WPA2. We recommend WPA or WPA2 security since it is more secure than WEP. However, for compatibility with some older devices, such as gaming consoles, TiVo, and other network devices, WEP may be the only security option possible to use. Using WEP is still better than no security at all.
Disable remote administration
When enabled, remote administration allows anyone close enough to your router to view or change your router settings. If you never plan on remotely administrating your network (e.g., wirelessly connecting to the router), we recommend disabling remote administration. With routers that support this option, it is often disabled through the Administration section.
When disabled, the router settings can still be changed using any computer that is directly connected to the router using a network cable.
Change the default SSID name
The SSID is the name that identifies your wireless router. By default, many routers will use the name of the router as the default SSID. For example, Linksys routers use 'Linksys' as the SSID. Using a default SSID is a security risk since it identifies the brand of the router and would let any attacker immediately know what exploits to use.
Tip: When naming the router, do not use your family's name or any other personally identifiable information. For example, if the SSID contains your family's last name, it can be identified by any neighbor that knows you.
Enable router firewall
Many routers also have a firewall that can be enabled. If available, we also suggest enabling this feature, as it helps add an extra layer of security to your network.
Disable SSID broadcast
To help make finding your wireless network easier, wireless routers broadcast your SSID, which means anyone looking for a wireless router could see your SSID. To help make it more difficult for someone to find your network when browsing for a wireless network, you can disable the SSID broadcast feature. However, when disabling the SSID broadcast, it will require that you manually enter your router's unique SSID when wanting to connect any new device to your network.
Enable wireless MAC filter
The Wireless MAC filter feature only allows a wireless device to connect to your router if the MAC Address has been entered into the filter list. Doing MAC filtering can make connecting new devices to your network more difficult, but improves the overall security of your wireless network.
Tip: A quick and easy way to set this up is to connect any wireless device you want on your network to your router before enabling the Wireless MAC filter. After each device has successfully connected, access the router setup and open the DHCP client table, often found in the Status or Local Network section. Each device that has connected to your router can be copied into a Notepad, then pasted into the Wireless MAC filter section of the router Security section.
No comments:
Post a Comment