Tips for Securing WIFI Networks

Tips for Securing WIFI Networks

The good news is that it’s not too difficult to lock-down your WIFI networks, which will both prevent others from stealing your internet and will also prevent hackers from taking control of your computers through your own wireless network.

Here are a few simple steps to help secure your wireless network:

Step 1. Open your router settings page

First, you need to know how to access your wireless router’s settings. Usually, you can do this by typing its IP address into your web browser, and then enter the correct user name and password for the router. This is different for each router, so first, check your router’s user manual.

You can also use Google to find the manuals for most routers online in case you lost the printed manual that came with your router purchase. For your reference, here are direct links to the manufacturer’s site of some popular router brands – Linksys, Cisco, Netgear, Apple AirPort, SMC, D-Link, TP-LINK, 3Com, Belkin.

Step 2. Create a unique password on your router

Once you have logged into your router, the first thing you should do to secure your network is to change the default password of the router to something very secure.

This will prevent others from accessing the router and you can easily maintain the security settings that you want. You can change the password from the Administration settings on your router’s settings page. The default values are usually admin / password or admin / pass or admin / admin.

Tip: To find your routers IP address, if you’re using a Windows PC:

  1. Open the start menu and run CMD (this is the Command/DOS application, little black box)
  2. In the CMD black box, type IPCONFIG and hit enter. (to list more details and adapters type IPCONFIG /ALL
  3. This will return your network adapters IP address, and Default Gateway.
  4. Type the Default Gateway address into your internet browser and this should navigate you to your routers config page (this may not work depending on your network setup)Example of IP config:Ethernet adapter Ethernet 2:Connection-specific DNS Suffix . :
    Link-local IPv6 Address . . . . . : fa70::60ka:358:5bee:b49e%13
    IPv4 Address. . . . . . . . . . . :  <– Your IP address
    Subnet Mask . . . . . . . . . . . :
    Default Gateway . . . . . . . . . :     <– Usually your routers IP address and config page address

The SSID (or WIFI Network Name) of your Wireless Router is usually pre-defined as “default” or is set as the brand name of the router (e.g., linksys). Although this will not make your network inherently more secure, changing the SSID name of your network is a good idea as it will hide the brand of your equipment, and you don’t really want to be broadcasting that your business is running a WIFI network. Also running a Hidden SSID can also help to reduce the visibility of your network, however anyone with Wi-Fi scanning tools like inSSIDer (Windows) and Kismet (Mac, Linux) can find all the available Wireless Networks in an area even if the routers are not broadcasting their SSID name.

Step 4. Enabling WIFI Encryption

In order to prevent other computers in the area from accessing your WIFI network and data, you need to encrypt your WIFI signals. You might already have this in-place however it wouldn’t hurt to double check your settings to ensure your protected.

There are several encryption methods for wireless networks, including WEP, WPA (WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2). WEP is basic encryption and therefore least secure and can be easily cracked easily and should NOT be used even though it’s compatible with a wide range of devices including older hardware. WPA2 is the most secure but is only compatible with hardware manufactured since 2006.

To enable encryption on your Wireless network, open the wireless security settings on your router’s configuration page, from here you can view which security protocol your using; confirm you are only using WPA2.

When settings a passphrase to access the network; make sure to set this to something that would be difficult for others to guess, and consider using a combination of letters, numbers, and special characters in the passphrase.

Fun fact: AirCrack and coWPAtty are some free tools that allow even non-hackers to crack the WEP / WPA (PSK) keys using dictionary or brute force techniques.

Read more about the upcoming WPA3 standard, are you ready?

Step 5. Filter MAC addresses

Whether you have a laptop or a Wi-Fi enabled mobile phone, all your devices that can access a Network (wired or wireless) will have a unique MAC address which is the unique physical address given to your cards/adapters (this has nothing to do with an Apple Mac) just like every computer connected to the Internet has a unique IP address, they also have a MAC address.
For an added layer of protection, you can add the MAC addresses of all your devices to your wireless router’s settings so that only the specified devices can connect to your Wi-Fi network.

MAC addresses are hard-coded into your networking equipment, but unfortunately, it’s easy to spoof a MAC address… Someone can change the MAC address of his or her own computer and can easily connect to your network since your network allows connection from devices that have that particular MAC address. Anyone can determine the MAC address of your device wireless using a sniffing tool like Nmap and he can then change the MAC address of his own computer using another free tool like MAC Shift.

To enable MAC address filtering, first make a list of all your devices that you want to connect to your wireless network. Find their MAC addresses, and then add them to the MAC address filtering in your router’s config page.

Tip: To find your MAC address, if you’re using a Windows PC:

  1. Open the start menu and run CMD (this is the Command/DOS application, little black box)
  2. In the CMD black box, type  IPCONFIG  /ALL
  3. This will return your network adapters details and the “Physical Address” is your MAC address (It looks like this – Physical Address. . . . . . . . . : 80-3A-7A-43-61-31)

Step 6. Reduce the Range of the Wireless Signal

If your WIFI network is extending outside your office, you can consider decreasing the signal range by either changing the mode of your router to 802.11g (instead of 802.11n or 802.11b) or by limiting the power output – not all brands allow this.

Step 7. Upgrade your Router’s firmware

You should check the manufacturer’s site regularly to make sure that your router is running the latest firmware. You will find the existing firmware version of your router from the router’s config pages.

Connect to your Secure Wireless Network

To conclude, MAC Address filtering with WPA2 (AES) encryption (and a really complex passphrase) is probably the best way to secure your wireless network.

Once you have enabled the various security settings in your wireless router, you need to add the new settings to your computers and other wireless devices so that they all can connect to the Wi-Fi network.

Who is Connected to your Wireless Network

If you are worried that an outsider may be connecting to your network – speak with an IT professional who can audit your equipment logs and set up monitoring and reporting.

Share this post

Leave a Reply