After I finished posting my previous review on my Linksys Wi-Fi router, I thought I should perhaps discuss the importance of securing personal Wi-Fi networks to prevent their unauthorised use by outsiders within the reach of your Wi-Fi router’s range.
Recent events, like the arrest of an American national in Mumbai whose Wi-Fi network was misused by terrorists, have shown what issues can arise if this is neglected. Not only this, a hacker can easily tap your usernames and passwords whenever you login to any sites (including your bank accounts) over an unsecured wireless network.
Wi-Fi is an inherently unsecure technology. Unlike an Ethernet cable, Wi-Fi means that both your laptop and the router broadcast the signal in all directions (since one could be anywhere with respect to the other). This means that anyone even outside your house, but within the reach of your network’s signal, can listen in on the information transferred between the two, and potentially misuse it.
In this post, I will discuss some very easy tips on how to secure your personal Wi-Fi network. I will try and use as little technical jargon as possible.
First, let me quickly explain how to access your Wi-Fi router’s administration menu. By default, most routers use the 192.168.1.1 IP address. So connect your laptop to your router via an Ethernet cable, and type in “192.168.1.1” in your browser’s address bar. That should open your router’s admin menu. To access it you will need to enter the username and password. By default, the routers come with standard usernames and passwords (e.g. “admin” on Cisco routers). So find it (it may be printed on your router) and enter it, and you’re in!
This is how it looks like on Linksys routers:
Now, do the following:
1. Change your router’s login username and password. As mentioned, all routers come with a standard default username and password. This must be changed, as otherwise it is very easy for anyone with a little technical background to login and change your router settings.
2. Turn off remote access to the admin console via Wi-Fi. By doing this, only someone physically connected to the router via an Ethernet cable will be able to change the router settings. Thus, no one even with access to the Wi-Fi network can change any settings remotely.
3. Turn on data encryption. By default, data that travels between your laptop and your Wi-Fi router is unencrypted. This makes it easy for anyone monitoring the signal to capture all this data. By turning on encryption, you make it extremely difficult for even a skilled hacker to interpret the actual data, since it’s now encrypted. Supported encryption standards are WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and the latest and strongest WPA2. You need to configure both the router and your laptop to use the same encryption standard, without which you will not be able to access the network.
4. Change the default SSID. The SSID is the name of the wireless network. When you click on “Search available networks” from your laptop, the laptop scans the airwaves and displays all available Wi-Fi networks. The names that you see in the search results are the SSIDs of the wireless networks. By default, routers are programmed with standard SSIDs (e.g. Netgear, WRT54G, etc). To an outside person, this can provide vital information about the type and make of your router and can make it easy for him to hack it. So change the SSID to something unique and personalized. However, don’t use any names that can disclose your identity such as your name or flat number.
5. Disable SSID broadcasts. Routers periodically broadcast their identity to allow anyone scanning for available networks to detect their presence. That’s how your laptop shows you the available networks when you do a scan. Now, a person can’t connect to a router unless he knows its SSID. You know what your network’s SSID is. Why tell the whole world? By disabling SSID broadcasts, you make it difficult for outsiders to detect your network by scanning for it.
6. Enable MAC address filtering. This means that only laptops whose MAC address are in the “allowed to connect” list will be allowed to connect to the router and use the Internet. Of course, you need to add your laptop Wi-Fi adapter’s MAC address to your router’s “allow” list. If you’re still reading, you probably already know that can get your MAC address by executing ‘ipconfig /all’ in your Windows command prompt.
7. Assign a static IP address to your laptop. Turn off DHCP on your Wi-Fi router. This way, no one can get an IP address assigned automatically by your router. Also, use a non-standard IP address range (192.168.1.x is an easy guess, so avoid it).
8. Make sure your router’s firewall is on. By default it will be on. Also, always keep the firewall on your laptop/PC turned on at all times.
Hope these tips were easy to understand and are useful. Wish you safer and happy browsing!
Airtel has a nice little guide for securing Wi-Fi networks, which has all of the points mentioned here along with screenshots that illustrate how to configure the settings. You can download it here.