I am setting up a Wifi network at home and this post details some of the security measures that I have taken. This is mainly advice that I have gotten from friends or just by googling. I am sure that I won’t mention everything you could do to secure your wifi network but it is at least a start. If you have any other tips then please leave a comment.
Change the default admin username/password
My router (Netopia) came with no login required so anyone on my home network could easier reconfigure my wireless router. This is an obvious security risk so you should ensure that credentials are required to change the router’s configuration and also ensure that you change the password to something other than the default.
Turn on Wireless Encryption
Any decent wireless router should come with this already turned on but you need to check this. My wireless router arrived with WEP enabled. Definitely better that no encryption at all but most wireless routers these days also support WPA which is actually more secure so you should change it to that to prevent someone from hacking your network.
MAC Address Filtering
Each network card is assigned a unique MAC address by the manufacturer. By enabling MAC address filtering you are only allowing computers with the preset MAC addresses access to the network. So in your router’s configuration you will need to add the MAC address of each device that you want to allow to access the network. Remember that if you friend calls around with their laptop then you will need to add their MAC address to the list. Apparently it is relatively easy to spoof a MAC address, a quick google told me how to change my MAC address in a matter of seconds. Still worth doing though
Static IP Addresses
For each device/computer to work correctly on the network it has to have a valid IP address. My wireless router was preconifgured to use DHCP (this is were the router dynamically assigns IP addresses to each computer that requests one). It is more secure to assign a Static IP address to each computer that requires access to the network. You will need to reconfigure your router to use static ip addressed instead of DHCP. Since a hacker is now not automatically assigned an IP address he/she would have to gain access to the router first to get an IP address.
You should enable the in-built firewall in your wireless router and also ensure that you have a firewall on each device connected to your network. If you are running Windows that you can use either Windows Firewall or ZoneAlarm (free – I use this one).
These are by no means the only things that you can do to secure your network but it should be a good start. If you have any other ideas then please leave a comment.