Wi-Fi is relatively new but quickly becoming the norm. At present, it is neither 100% reliable nor secure. The problem is that there are no physical boundaries. With a cable connection, you need physical access to tap into the connection, whereas, with a Wi-Fi signal, you can pick it up outside the office or at home.
Enable MAC (media access code) filtering
MAC is a hardware burned address assigned to each computer's Wi-Fi card. A MAC address filter is a whitelist of trusted devices in your home or business. This method is not 100%, but at least it creates another small barrier.
Hide the SSID (service set identifier)
In simple English, SSID is your Wi-Fi network name. When you hide your SSID, people will see a Wi-Fi network but not the name of it. If they want to be connected, they must enter the name. As with MAC filtering, there are ways around it, but again, it’s another small hurdle like the above.
Reduce the broadcast power
Some routers let you choose the broadcast power—keep it low, and your signal will travel less distance outside your four walls.
Turn off auto-connect
Laptops and other devices can automatically connect to any old Wi-Fi hotspot pre-saved. Turn it off and choose manually instead to prevent someone from getting you to connect their own dodgy SSID.
Turn it off
Going on holiday for two weeks? Turn Wi-Fi off to boost security and save electricity.
Change the default username and password
By default, the control panel username and password are something like 'admin' or 'access'. It’s best to change the password, at least.
Change the control panel URL
The default control panel address is normally 192.168.0.1. To enhance security, change the last block (8 bits) to something more unique.
Change the SSID (service set identifier)
By default, the SSID or network name is normally virginxxxx, netgearxxxx or dlinkxxxx. Change it to something generic that does use your house number or business name as the SSID.
Enable the firewall
These days, most modern routers or router modems come with a basic firewall and NAT (network address translation). Enable this for an extra layer of firewall protection. If you are skilled, configure beyond what comes out of the box.
Enable encryption
Encryption stops people from intercepting and reading your data as it whizzes around. WPA2/3 is a good choice, and you can choose a key up to 63 characters (more is better). For an easy option, use a passphrase instead, which could look like: cooking tyrannic dichroism heatstroke besetting.
Scan for rouge APs
More advanced kit can scan the local areas for SSIDs which are trying to imitate you and trick users into handing over their credentials to a malicious individual.
Consider WPA2/3 enterprise
Few home users or business users have heard of this. With WPA/WEP, you authenticate with a shared key like OI-o;3=2>Qw|x. With enterprise, you log in with a unique username/password per person, which has many benefits.
Backup settings
Once you have secured your Wi-Fi router, backup the settings.
Update the firmware
Like operating systems, routers need software updates. Occasionally, check within the control panel for a firmware update. Better still, on more fancy devices, enable auto updates.
Secure the router/modem
Place the modem and/or router in a secure, out-of-sight area. This stops anyone from interfering with it.
Be wary of public Wi-Fi
Public Wi-Fi hotspots are often unsecured with no encryption, meaning that someone with criminal intent and the right skills could be logging your data as you type or interfering with your traffic. Try to use public hotspots with encryption and, if you are worried, buy a VPN service which adds some protection.
Set network location as public
Windows lets you choose home, work or public. When you connect to a Wi-Fi hotspot, it will ask you, and if you are using a public Wi-Fi hotspot, select public for extra firewall protection on your device.
Wi-Fi
- Details