Secure Your WIFI Network From Intruders
It’s intended to keep unwanted intruders out while allowing users on the network to perform tasks and access network resources as normal.
Any network that has been compromised by a hacker can be destroyed.
Okay now let me be honest with you….Wireless isn’t secure….nope…..not even with WPA2 and a pre-shared key that’s in essence of 60 characters. WPA2 PSK is one of the highest and secure WIFI methods but with the right tools and time needed it can be broken and decrypted.
If your network is running slower than usual, or you have unexpected reboots or a loss of internet service then you may have been compromised.
The first step an intruder will take to connect to your network is to decipher your network key. Once he has obtained the network key the next line of defence will be your routers network settings.
You can only do so much to protect your wireless key from being compromised but there are lots of security settings that you can change to make your network more secure.
Turn of SSID broadcast
Your SSID is the broadcast name of your wireless network.
You can change your SSID name easily on most routers, but you should considder turning off the SSID broadcast. This will make your home network invisable to anybody who does a search for local networks.
Change your IP range and subnet
Your router will automatically set your IP range and subnet mask. Normally this is 192.168.0.1 althought each manufacturer will have there default value set.
You should change your IP range and subnet mask and default gateway where possible from the default to make your network more secure. Information on many routers default values is widely avaliable on the internet. This is one of the most funamential security issues that can be easily changed in youor routers setup config.
Change your routers default password
If you know your routers make and model then you can almost always find its default password on the internet.
You should change your password to your router and your logon name were possible.
Disable remote administration
Some routers have this option built in, however you should check that its disabled first. This is one of the first routes that any intruder will try to get into your network.
Remote adminstartion is a means of connecting to your router externally (from outside your home) If you dont use remote administartion then its wise to ensure its disabled.
Remote users connect to the router via entering its externet ip address followed by the port, typically 8080. Your router should then prompt you to enter user ID and password to gain access to the router.
DHCP Server
By default most routers have this option turned on. DHCP works by automatically assigning an ip address to a host when they connect to the network. Unless its not practical turn this off.
You need to configure your network adaptor with the settings, take note of your ip, subnett mask and default gateway and set this manually.
Turning this option off means that a new host will not be automatically connected to your home network, they will have to manually configure there adaptor to match your settings. If the settings are not correct the host will not be able to interact with the rest of the network.
If you changed your network range as described above…Congratulations you just made your network more secure.
Mac Filtering
Every computer equiped with a network adaptor will have a Mac Address that is written onto the device during manufacturer process.
You can find your Mac address from your computer by runnung the Ipconfig/all command into the command line. After you have obtained your Mac address turn on Mac filtering and add your Mac address into the allowed list. You can then configure your router to only allow specific hosts to connect to your network, putting you back in control.
Reduce your WLAN transmitter power
Reducing your transmit power will make this harder for other hosts to interact with your network. Its almost impossible to fine tune this so that your network is only avaliable from within your home, but it will make life hard for anybody that tries to target your network from outside.
Disable Wireless Administration
Some routers have the option to disable wireless administration. This prevents any host on the wireless network from making any system wide changes. If enbaled you will have to be hardwired to your router with an ethernet cable to make any changes.
Users that are connected to the router via wireless will not be able to make any changes.
When enabled this will prevent an intruder from making changes to your router that could open you upto further attacks.
Check your logs
Logs are there to log any action in general that happends on your network. Check these regulary.
Where possible setup an email alert so that you can be made aware of any problems while your away. Most routers will have the option to alert you when a user attempts to access a banned site or resource that isnt permitted or when a host tries to perform a DOS attack on your network.
Check that your time and date settings are correct, this makes it easier to trace log entries.
When not in Use turn your router off
This is the final line of defence, unless its not practical turn your router off when your not using it.
Also you should considder changing your passwords to the router and our wireless key every often. Check The manufacturers website for an firmware updates that maybe avaliable for your router.
Always take care when updating your routers firmware….If you update the wrong version you will overwrite the previous code and render your router useless.
