WiFi will always have inherent vulnerabilities. That is just a fact of modern life. But it doesn’t mean you give up! You can make it harder on the bad guys by taking many simple actions to configure your WiFi.
Tips for Securing Your Home WiFI Network:
- Change your router’s default administrator password. Almost all network devices are pre-configured with default passwords to simplify setup and initial operation. Anyone with access to the Internet can find lists of default passwords for devices. This means if you don’t change yours bad guys can easily log in as administrator and change settings and take control of your net. This is a big deal. Change those default passwords!
- Ensure you are using the strongest encryption protocol available. Any new wireless router will give you options for using stronger encryption. At this time that is WiFI Protected Access 2 (WPA2), with Personal Advanced Encryption Standard (AES) and Temporary Key Integrity Protocol (TKIP). Routers vary in how these are configured so you will have to consult your router’s instruction manual. But it is easier to do than it may sound.
- Change your default WiFi network name. This is the name people see when they turn on their phone or tablet or computer near your WiFi. The default name may reveal information about the device you don’t want to be known. The WiFi network name is called Service Set Identifier (SSID). Make sure your network name is unique but does not identify your location or identity (suggestion: name it after your favorite planet, star or element).
- Disable WiFi Protected Setup (WPS). WPS makes it easier for wireless devices to join WiFi networks without having to enter a password. This is a great connivence for devices in the home. But a design flaw for the way authorization is done (with PINs) makes it much easier for hackers to exploit.
- Also disable the feature called Universal Plug and Play (UPnP). This feature is designed to let networked devices easily discover each other. However, attackers can exploit this. One way is through malware that gets into networks that then use UPnP to bypass firewalls and allow hackers to take control of devices and spread malware to other devices.
- Cut back your wireless signal strength. By reducing your WiFi signal strength you can make it a little bit harder for some adversaries to intercept your signals. The bad news is that if an attacker is motivated they can use antennas and special devices to listen from further away, but there is no reason for you to make life easier on them by boosting your signal further than you need to.
- Install a device like the FingBox to give you more control over your network and who is joining. This can let you totally drop connections if you need to.
- Turn off your network when you are not using it. You can do that with FingBox or, when traveling just turn it totally off.
- Be sure to upgrade your firmware. The way to do this varies from manufacturer to manufacturer, but is generally easy to do by following the steps listed in the manual. Check to see if you can turn on automatic updates.
- Consider disabling remote management. We use the remote management features of the Google WiFi, but they have a strong security architecture. If your system has remote management options be sure they are strong, or disable them.
Other references to help aid you in your risk mitigation activities: