The reason why we choose WiFi over cables are that we can use WiFi without any issues anywhere in the area without worrying more about the clutter of cables and everything. Should you have a smartphone and WiFi set up at your home, you are all set to go. All you have to do is switch on your WiFi and get going. Sometimes in the process we want to secure our WiFi wireless network just to make sure that no body else is using our internet and has access to the sites and things we are doing over the internet. There arises the question how to secure WiFi wireless network.
With the traditional wired networks, it is extremely difficult for someone to steal your bandwidth but the big problem with wireless signals is that others can access the Internet using your broadband connection even while they are in a neighbouring building or sitting in a car that’s parked outside your apartment.
This practice, also known as piggybacking is bad for three reasons:
- It will increase your monthly Internet bill especially when you have to pay per byte of data transfer.
- It will decrease your Internet access speed since you are now sharing the same internet connection with other users.
- It can create a security hazard* as others may hack your computers and access your personal files through your own wireless network.
[*] What do the bad guys use – There have been quite a few instances where innocent Internet users have been arrested for sending hate emails when in reality, their email accounts where hacked though the unsecured Wi-Fi networks that they had at home. Wireshark is a free packet sniffing tool for Linux, Mac and Windows that can scan traffic flowing though a wireless network including cookies, forms and other HTTP requests.
So in order to avoid all these How Do You Secure WiFi wireless networks.
How to secure your WiFi wireless network
Now that you are here, I want to tell you that this is not so difficult to secure your WiFi wireless network to get rid of all these tension. Hence here are some simple steps which you can use to secure your WiFi Wireless network.
Step 1. Open your router settings page
Please read this article to know the IP address of your router and then once you have that you can type that in the browser window and get into the settings of your router. For your reference, here are direct links to the manufacturer’s site of some popular router brands – Linksys,Cisco, Netgear, Apple AirPort, SMC, D-Link, Buffalo, TP-LINK, 3Com, Belkin.
Step 2. Create a unique password which can not be guessed on your router
Once you have logged into your router, the first thing you should do to secure your network is to change the default password* of the router to something more secure which can not be easily guessed. Say for an example my routers password I can not keep as Prabhu123 because that is not secure and can be guessed easily. Request you to choose a password that is more complex and can not be guessed.
This will prevent others from accessing the router and you can easily maintain the security settings that you want. You can change the password from the Administration settings on your router’s settings page. The default values are generally admin / password.
[*] What do the bad guys use – This is a public database of default usernames and passwords of wireless routers, modems, switches and other networking equipment. For instance, anyone can easily make out from the database that the factory-default settings for Linksys equipment can be accessed by using admin for both username and password fields.
Step 3. Change your Network’s SSID name
The SSID (or Wireless Network Name) of your Wireless Router is usually pre-defined as “default” or is set as the brand name of the router (e.g., DLink). Although this will not make your network inherently* more secure, changing the SSID name of your network is a good idea as it will make it more obvious for others to know which network they are connecting to.
[*] What do the bad guys use – Wi-Fi scanning tools like inSSIDer (Windows) and Kismet (Mac, Linux) are free and they will allow anyone to find all the available Wireless Networks in an area even if the routers are not broadcasting their SSID name.
Step 4. Enable Network Encryption
In order to prevent other computers in the area from using your internet connection, you need to encrypt your wireless signals so that the signal is scrambled when a hacker tries to get into your WiFi wireless network.
There are several encryption methods for wireless settings, including WEP, WPA(WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2). WEP is basic encryption and therefore least secure (i.e., it can be easily cracked*, but is compatible with a wide range of devices including older hardware, whereas WPA2 is the most secure but is only compatible with hardware manufactured since 2006.
To enable encryption on your Wireless network, open the wireless security settings on your router’s configuration page. This will usually let you select which security method you wish to choose; if you have older devices, choose WEP, otherwise go with WPA2. Enter a passphrase to access the network; make sure to set this to something that would be difficult for others to guess, and consider using a combination of letters, numbers, and special characters in the passphrase.
[*] What do the bad guys use – AirCrack and coWPAtty are some free tools that allow even non-hackers to crack the WEP / WPA (PSK) keys using dictionary or brute force techniques. A video on YouTube suggests that AirCrack may be easily used to break WiFi encryption using a jail-broken iPhone or an iPod Touch.
Step 5. Filter MAC addresses
Now, I am sure that when you are using WiFi network you are not expecting thousands of people accessing it, hence the best way to monitor the access is to allow to access the internet for those who have their MAC address registered in the router you are using. The more interesting thing is that using the MAC address you can also monitor a person can use the network from what time to what time.
[*] What do the bad guys use – Someone can change the MAC address of his or her own computer and can easily connect to your network since your network allows connection from devices that have that particular MAC address. Anyone can determine the MAC address of your device wireless using a sniffing tool like Nmap and he can then change the MAC address of his own computer using another free tool like MAC Shift.
Step 6. Reduce the Range of the Wireless Signal
If your wireless router has a high range but you are staying in a small studio apartment, you can consider decreasing the signal range by either changing the mode of your router to 802.11g (instead of 802.11n or 802.11b) or use a different wireless channel.
You can also try placing the router under the bed, inside a shoe box or wrap a foilaround the router antennas so that you can somewhat restrict the direction of signals.
Apply the Anti-Wi-Fi Paint – Researchers have developed a special Wi-Fi blocking paint that can help you stop neighbors from accessing your home network without you having to set up encryption at the router level. The paint contains chemicals that blocks radio signals by absorbing them. “By coating an entire room, Wi-Fi signals can’t get in and, crucially, can’t get out.”
Step 7. Upgrade your Router’s firmware
You should check the manufacturer’s site occasionally to make sure that your router is running the latest firmware.
Connect to your Secure Wireless Network
To conclude, MAC Address filtering with WPA2 (AES) encryption (and a really complex passphrase) is probably the best way to secure your wireless network. Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices so that they all can connect to the Wi-Fi network. You can select to have your computer automatically connect to this network, so you won’t have to enter the SSID, passphrase and other information every time you connect to the Internet.
Your wireless network will now be a lot more secure and intruders may have a tough time intercepting your Wi-Fi signals.