Securing your WLAN

In this post I’m sharing my thoughts on how to use simple yet effective ways of securing your WLAN. The techniques I’m describing does not really require you to have a Masters degree in computer science to understand, it does however require you to have some familiarity with Networking and using a Browser.

Step 1: Change the default password.

Each router comes with a default Login ID and Password. Normally the routers default Login ID is ‘Admin’ and the Password is ‘Password’. Pretty original don’t you think? Anyways, the first step in securing your WLAN, is in changing the Admin password to any other strong password. A strong password is one that is at least 10 characters long and contains a mix of upper case and lower case alphabets, numbers and special characters. Eg. Ivn!12;rOss

Step 2: Change the router’s default ip

Each router is assigned a default ip address which normally is 192.168.0.1. When setting up the router change this ip to any other ip. You can stay within the series, such as 192.168.0.XXX i.e. the last value should be changed to anything you like form a single digit to three digits.

Step 3: Disable the router’s DHCP service.

DHCP enables remote computers to connect to the router and obtain an ip address assigned by the router. As far as is possible assign static ip’s to all the computers on your network. If you need to have DHCP to make life easier for you then restrict the number of computers on your network by limiting the number of DHCP ip addresses that the router can create to 5 from its default of 50 assuming of course that you only have 5 computers connecting to your network.

Step 4: Restrict the network mode.

If you computer can use WiFI ‘N‘ or ‘B/G‘ restrict the router to use any one network mode only. This can help prevent some computers from automatically joining your network. While this is not 100% effective it can help deter the casual snooper, especially if you use the newer ‘N‘ standard.

Step 5: Change the router’s default SSID.

The SSID is the name of the network. This often reveals the name of the house or office from where the WiFi signal is coming which can allow hackers to zero on your physical location. Change the SSID to a random name.

Even better is disabling the SSID broadcast altogether. This makes your WiFi router invisible to laptops and cell phones which automatically scan for WiFi hotspots. Hopefully, if hackers do not even know that your network exists they will not bother to break in. This is just common sense, prevention is much better than cure so to speak.

Your computers and cell phones that need to access your WLAN can be passed the SSID of the router manually when they are being setup so they can communicate with the router and connect to the WLAN.

Step 6: Opt for WPA2 or PSK security instead of WEP.

WEP (Wired Equivalent Privacy) keys can be cracked relatively easily hence opt for WPA (WiFi Protected Access) which uses 64 bit or 128 bit encryption. PSK’s are Pre-Shared keys which provide stronger security than WEP or WPA. The encrypted key is shared by the router and your WiFi devices.

Step 7: Enable the router’s MAC filter.

Enable MAC (Media Access Control) address filtering to restrict or authenticate a particular computer on the network. A MAC address is a unique physical address assigned to a network card to uniquely identify the network card. No two network cards have the same MAC address anywhere in the world. (Pretty amazing isn’t it ?). The can use the network card’s MAC address to authenticate it.

If any unregistered computer tries to join the network, i.e. a computer who’s MAC address has not been manually registered with the router, it will simply be prevented from doing so.

Step 8: Use the router’s firewall.

Enable the router’s firewall if it has this feature. Usually router’s use SPI (Stateful Packet Inspection) which reviews the packets of data entering your network.

If the router has an Internet filter enable this too. Enabling the Internet filter rejects anonymous Internet requests and keeps your network from being pinged.

Step 9: Disable remote administration

This maybe a great convenience if you are constantly administering the router / network from afar but this is an excellent window of opportunity for hackers. If you have to use remote administration keep this facility ‘On’ only for the period of time that its essential to have.

Step 10: Switch of the router when not in use.

This may sound a bit silly, but is quite sensible. If the router is not used at night switch it off. If you are going out on holiday switch it off.

Step 11: Disconnect the Internet when not needed.

If you do not need to be connected to the Internet constantly, simply unplug the ISP’s connection to the router. The network will still work but it will isolated from all potential hacking.

Step 12: Position the wireless router carefully. Place it in the center of your room or office. The WiFi router broadcasts like a sphere with the strongest signal at the router location.

Hence, the signal strength of the router will be the weakest at the circumference of the sphere. This could help prevent the router from being accessed by the neighbours or from the street outside.

Share and Enjoy:
These icons link to social bookmarking sites where readers can share and discover new web pages.