The Internet is a vast, interconnected space brimming with data that’s like life-giving nectar to ne’er-do-wells who prey on vulnerability. Nothing is 100-percent secure on the Web. Unfortunate, but true. There are, however, two keys to stronger security: using layers of prevention, and eliminating low-hanging fruit.
In most cases attackers look for easy targets — and insecure WIFI spots are about as easy as it gets.
Cyber criminals use insecure wireless networks for all kinds of malicious activity, including compromising connected computers to steal account information and using the network to send spam or host pirated content. On a less wicked but still costly level, hackers using your wireless network can rack up steep charges that you’ll have to foot the bill for when your network usage exceeds the monthly bandwidth limit that many Internet providers set. It’s all bad stuff, really.
10 tips to secure your wireless network
Use these tips and suggestions to make your WIFI network more secure, which will deter attackers from using it.
Note: Depending on your router’s manufacturer, some tips/suggestions might not be possible.
- Update your firmware. The latest firmware might give you more functionality and patch security holes. Visit your manufacturer’s website for more information about firmware updates.
- Never admin wirelessly. Avoid administrating your router via a wireless signal with a Web GUI; always do so wired. If possible, disable wireless administration in the routers configuration.
- Use HTTPS. If possible, force connections to your router’s Web-based GUI to use HTTPS, which encrypts data transmitted over the wire.
- Modify defaults. Change default user names, passwords, and host names. Use a password of at least 10 characters with numbers, upper case/lower case alphabetic characters and special characters. Update your host name, which by default usually describes the model and/or make of the router, to something custom and unique.
- Broadcast SSID. If you have the option to hide or broadcast your SSID, I suggest not hiding it. The hiding aspect is not very good, and numerous security tools can scan for and detect SSIDs.
- Select WPA2. Select WPA2 if you have the option. WEP is considered legacy because it’s old and can be cracked in minutes. If WEP is your only option, it’s time to upgrade your equipment. (The only thing better than WPA2 with 64-character strings is enterprise, but most routers don’t support this option.)
- Use AES over AES/TKIP. If you have the option, select AES for better encryption. The AES/TKIP option is not recommended because your router will accept AES or TKIP, making it a less secure encryption method.
- Set a strong wireless password. Longer is better. The maximum password length for WPA2 is 64 characters. Again, use upper and lower case characters, numbers, letters and special characters. Never use a word that can be found in the dictionary.
- Rotate your password. Change your WIFI password often. The more often the better, and every 30 days is a good starting point. Check out this article about using a handy password manager.
- Enable the firewall. If your router has the option, be sure to enable the firewall.
Bonus: I’d also suggest disabling remote administration outside of the local network, including HTTP/HTTPS, SNMP and SSH/TELNET if available.
What else do you do to secure your wireless network? I’d love to hear about it in the comments below!