I am setting up a Wifi network at home and this post details some of the security measures that I have taken. This is mainly advice that I have gotten from friends or just by googling. I am sure that I won’t mention everything you could do to secure your wifi network but it is at least a start. If you have any other tips then please leave a comment.
Change the default admin username/password
My router (Netopia) came with no login required so anyone on my home network could easier reconfigure my wireless router. This is an obvious security risk so you should ensure that credentials are required to change the router’s configuration and also ensure that you change the password to something other than the default.
Turn on Wireless Encryption
Any decent wireless router should come with this already turned on but you need to check this. My wireless router arrived with WEP enabled. Definitely better that no encryption at all but most wireless routers these days also support WPA which is actually more secure so you should change it to that to prevent someone from hacking your network.
MAC Address Filtering
Each network card is assigned a unique MAC address by the manufacturer. By enabling MAC address filtering you are only allowing computers with the preset MAC addresses access to the network. So in your router’s configuration you will need to add the MAC address of each device that you want to allow to access the network. Remember that if you friend calls around with their laptop then you will need to add their MAC address to the list. Apparently it is relatively easy to spoof a MAC address, a quick google told me how to change my MAC address in a matter of seconds. Still worth doing though
Static IP Addresses
For each device/computer to work correctly on the network it has to have a valid IP address. My wireless router was preconifgured to use DHCP (this is were the router dynamically assigns IP addresses to each computer that requests one). It is more secure to assign a Static IP address to each computer that requires access to the network. You will need to reconfigure your router to use static ip addressed instead of DHCP. Since a hacker is now not automatically assigned an IP address he/she would have to gain access to the router first to get an IP address.
Enable Firewalls
You should enable the in-built firewall in your wireless router and also ensure that you have a firewall on each device connected to your network. If you are running Windows that you can use either Windows Firewall or ZoneAlarm (free – I use this one).
These are by no means the only things that you can do to secure your network but it should be a good start. If you have any other ideas then please leave a comment.
I was going to suggest turning off broadcasting of SSIDs as an option. But decided against it as it turns out its not only far from being foolproof, it might even be considered counter productive and actually something that might aid hackers. It turns out your laptop will be incessantly and obsessively looking for your ‘hidden’ network .. even when you are out of range, thereby managing to broadcast the name of your SSID far and wide .. beyond anything your puny router could have accomplished.
Oh, & also make sure your WPA key isnt too short or predictable. Try http://www.random.org to generate keys … or just to test how lucky you really are by trying to predict ‘truly random’ coin flips.
As for WEP, concerned friends (whose name rhyme with “beds”) are eager to teach you how to crack it in 3 minutes. 🙂
Thanks for the comments Kushal
Hi … can u pls tell me how to set up a password or security for my wireless router for my laptop as my neighbours are using my connection as mine is faster and it in turn makes my connection alot slower … Jennie
Jennie, you need to utilize the security measures as outlined by Sean in the post above. Using a combination of several features at once (like the WPA-PSK protocol, MAC address and changing the SSID from a default setting) may discourage casual outsiders sharing your connection. It’s all done from the router access panel, which you should have somewhere on your computer.