Wireless (WiFi) networks are convenient.  There are no cables to run, expanding it with wireless repeaters is relatively easy but let me ask you a question.  Is it secure?  If you have kept the default network name, settings, login and password on your router then most assuredly, it is not.  Any “Joe Hacker” (and it wouldn’t take much hacking) walking by could get into your network and computer to see exactly what you are doing.  Don’t let this happen to you!  Secure your router using its built-in tools.

It’s easy enough to keep the “default settings” which means the network name is just the (brand) name of the router and the login and password are usually “admin” and “password,” respectively.  That’s bad enough but if the signal is not encrypted then anyone on the street has access to your Internet connection.  Let’s fix that.

Change the network name and login information

Each router will vary on it’s configuration so you may have to go out to the manufacturer’s site and look up the instructions.  When doing so make sure to have the model number of your router.  In most cases just head to the “Support” page and select the model number of your router (likely located on the bottom of the unit).

Follow the instructions to rename your network, just give it something other than “Default” or “Netgear” but don’t use your name, birth dates, social security numbers or other personal information.  Then, change the login settings.  Some routers allow you to change the login name and some don’t, that depends on make and model.  If it does, change it, if not move on to changing the login password.  Again, don’t use your name, birth dates, social security numbers or other personal information but make sure it’s something you’ll remember.  A combination of 8 letters and numbers is usually good enough for your home.  Don’t go overboard or you won’t remember the password.

(Note, if you ever forget your login or password, follow the manufacturer’s instructions for “resetting” the router.  You will have to follow the set-up instructions again.)

Encrypt the network

Without encryption, anyone within range of the signal will be able to use your Internet connection, this is a bad thing.  You will have to select the type of encryption which mainly depends on how old/new your other hardware is.  WEP encryption is compatible with all devices made today and six years ago but this is not very secure and easily broken. WEP should not be used unless you have a device that isn’t compatible with the stronger encryptions.  If using WEP, select the 128-bit option.

Any router bought today or out to three years ago most likely supports the stronger WPA encryption and may support the even more secure WPA2 encryption.  All routers that can be purchased today will most likely support WPA2.  However, WPA2 may not be compatible with all your devices so if you encounter trouble, drop back to WPA.

When using the encryption, you will have to enter a pass key or allow the router to generate one for you.  Depending on how complicated it is, you may have to write it down so you can enter the key on other devices that you wish to connect to the network.

These options and settings will vary so consult your manual or visit the manufacturer’s support site for specific instructions.  Windows will offer to store your settings on a USB flash drive which makes it convenient to set up other computers on your network.  It’s up to you whether you do this or not, just don’t lose the flash drive.

Hide the network name (SSID) (Optional)

This has a good side and a bad side.  By hiding the name (SSID) of your network, it is not broadcasting its name and is therefore not “discoverable” to everyone.  This makes things nice and secure.  But, any devices you wish to use with it will not automatically see the “name” of the network or ask to automatically connect.  You will have to manually enter the name of the network and pass key on any device that you want to connect.  Once entered, devices will automatically connect.  This is bad and makes setting up new devices more of a hassle.

There comes a time when you must reach the proper balance of security and usability.  It’s really up to you and unless you’re really paranoid, this step isn’t necessary.  As long as your connection is encrypted and the login information is not “default” this is usually enough if you are living in the suburbs.  You may want to reconsider if you live in a city or anywhere near known hackers though, how you find that out is beyond me.

My advice is to just let it broadcast the SSID to make setting up additional devices easy, just have your password handy when it asks to connect.

Activate the hardware firewall

All routers, even the cheapest and most basic router will have a built-in hardware firewall.  Turn it on for maximum security.  Again, settings vary from model to model so consult the manufacturer’s support site.  This will prevent people that are able to circumvent your other measurers from accessing your PC.

As an additional layer, some routers include “intrusion detection.”  If this option is activated, your router will contact you (usually by email) if it thinks someone is trying to gain access or circumvent your security measures.  The most advanced routers will disconnect from the Internet if an intruder is detected and reconnect once the attack has passed.

If you desire a hardware firewall for protection at wireless hotspots, check out the Yoggie firestick pico which is a USB plug-and-play hardware firewall.

Install a software firewall

Now that your home connection is safe and secure, what to do about security while on-the-go?  It is recommended to install a software firewall on all your computers.  This just adds another layer of protection and allows you to monitor the incoming and outgoing traffic on your computer.  Pop-up notifications will alert you to “suspicious” activity.  Free firewalls are offered by a number of companies.  If you are using Windows XP check out the Comodo Personal Firewall or PCTools Firewall plus.

Both of those free options have had various problems running under Vista and I can’t fully recommend them to anyone using that operating system.  For Vista check out Vista Firewall Control which uses the built-in firewall but adds some configuration options and pop-up notifications as well ad turning on the “two-way traffic” feature which keeps an eye on inbound and outgoing connections.  Default behavior for Vista is just to check outgoing connections only.

For the novices out there, this may seem like a lot of work but its not.  You stand to lose a lot more if you don’t protect your network, if you haven’t yet done so, taking these preventative measures will be well worth the time.

Related:

Is someone stealing your Wi-Fi enabled Internet connection?

New York war-surveyed: 1 in 4 businesses employ open wireless networks

FCC moves toward wireless Internet plan despite carrier’s pleas

Half of UK computer users found guilty of Wi-Fi thievery

Cox bundling Sprint wireless, building possible LTE 4G network

Sign up for the BLORGE daily email newsletter

Entry was posted on Wednesday, January 30th, 2008 at 12:11 pm under Internet, Security, Wi-Fi.

Read more entries by Jonathan Schlaffer.
Stumble It!