Simple Tips to Secure Your Wi-Fi Network

After I finished posting my previous review on my Linksys Wi-Fi router, I thought I should perhaps discuss the importance of securing personal Wi-Fi networks to prevent their unauthorised use by outsiders within the reach of your Wi-Fi router’s range.

Recent events, like the arrest of an American national in Mumbai whose Wi-Fi network was misused by terrorists, have shown what issues can arise if this is neglected. Not only this, a hacker can easily tap your usernames and passwords whenever you login to any sites (including your bank accounts) over an unsecured wireless network.

Linksys WAG200G

Wi-Fi is an inherently unsecure technology. Unlike an Ethernet cable, Wi-Fi means that both your laptop and the router broadcast the signal in all directions (since one could be anywhere with respect to the other). This means that anyone even outside your house, but within the reach of your network’s signal, can listen in on the information transferred between the two, and potentially misuse it.

In this post, I will discuss some very easy tips on how to secure your personal Wi-Fi network. I will try and use as little technical jargon as possible.

First, let me quickly explain how to access your Wi-Fi router’s administration menu. By default, most routers use the 192.168.1.1 IP address. So connect your laptop to your router via an Ethernet cable, and type in “192.168.1.1” in your browser’s address bar. That should open your router’s admin menu. To access it you will need to enter the username and password. By default, the routers come with standard usernames and passwords (e.g. “admin” on Cisco routers). So find it (it may be printed on your router) and enter it, and you’re in!

This is how it looks like on Linksys routers:



Linksys admin console



Now, do the following:

1. Change your router’s login username and password. As mentioned, all routers come with a standard default username and password. This must be changed, as otherwise it is very easy for anyone with a little technical background to login and change your router settings.

2. Turn off remote access to the admin console via Wi-Fi. By doing this, only someone physically connected to the router via an Ethernet cable will be able to change the router settings. Thus, no one even with access to the Wi-Fi network can change any settings remotely.

3. Turn on data encryption. By default, data that travels between your laptop and your Wi-Fi router is unencrypted. This makes it easy for anyone monitoring the signal to capture all this data. By turning on encryption, you make it extremely difficult for even a skilled hacker to interpret the actual data, since it’s now encrypted. Supported encryption standards are WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and the latest and strongest WPA2. You need to configure both the router and your laptop to use the same encryption standard, without which you will not be able to access the network.

4. Change the default SSID. The SSID is the name of the wireless network. When you click on “Search available networks” from your laptop, the laptop scans the airwaves and displays all available Wi-Fi networks. The names that you see in the search results are the SSIDs of the wireless networks. By default, routers are programmed with standard SSIDs (e.g. Netgear, WRT54G, etc). To an outside person, this can provide vital information about the type and make of your router and can make it easy for him to hack it. So change the SSID to something unique and personalized. However, don’t use any names that can disclose your identity such as your name or flat number.

5. Disable SSID broadcasts. Routers periodically broadcast their identity to allow anyone scanning for available networks to detect their presence. That’s how your laptop shows you the available networks when you do a scan. Now, a person can’t connect to a router unless he knows its SSID. You know what your network’s SSID is. Why tell the whole world? By disabling SSID broadcasts, you make it difficult for outsiders to detect your network by scanning for it.

6. Enable MAC address filtering. This means that only laptops whose MAC address are in the “allowed to connect” list will be allowed to connect to the router and use the Internet. Of course, you need to add your laptop Wi-Fi adapter’s MAC address to your router’s “allow” list. If you’re still reading, you probably already know that can get your MAC address by executing ‘ipconfig /all’ in your Windows command prompt.

7. Assign a static IP address to your laptop. Turn off DHCP on your Wi-Fi router. This way, no one can get an IP address assigned automatically by your router. Also, use a non-standard IP address range (192.168.1.x is an easy guess, so avoid it).

8. Make sure your router’s firewall is on. By default it will be on. Also, always keep the firewall on your laptop/PC turned on at all times.

Hope these tips were easy to understand and are useful. Wish you safer and happy browsing!

UPDATE:

Airtel has a nice little guide for securing Wi-Fi networks, which has all of the points mentioned here along with screenshots that illustrate how to configure the settings. You can download it here.


Signature

5 Comments

  1. Mohit AroraMohit Arora12-19-2010

    Have just started following your blog.

    By the way check out http://www.rediff.com/getahead/report/how-to-secure-your-wireless-network/20101208.htm

    Lot of similarities!

    • Vijay PadiyarVijay Padiyar12-19-2010

      Hi Mohit

      Thanks for your comment. Yes I saw that article. Similarities are there but I guess that’s because these are generic points. If I hadn’t published this post on my site, I would have got it published on Rediff.com :-). They have a policy of not republishing already published articles.

      Regards

      Vijay

  2. CobyCoby12-10-2010

    I know some points you mentioned about securing the WiFi Network. But I never did the points 4 and 5 about SSID. Very impressive post. I bookmarked this post for my future reference and linked this post from one of my blog. Keep it up.

  3. VinodVinod03-20-2009

    I have Cisco Linksys WAG200G. Can you help me to configure AIRTEL broadband connection. My e-mail: vinod.chatwani@gmail.com. Contact No: 09276805800

    • Vijay PadiyarVijay Padiyar03-21-2009

      Hi Vinod

      Did you follow the below steps while installing it?

      1. Connect the telephone cord to a splitter (will be given by Airtel). From the splitter, one cord will go to your phone and other to your router (WAG200G). DO NOT connect the phone and router together to the phone cable bypassing the splitter, as there will be disturbance in both.

      2. Connect the router to the cord from the splitter, and connect your laptop/PC to any of the router’s Ethernet ports with an Ethernet cable.

      3. Insert the Linksys setup CD in your laptop/PC and switch on the router.

      4. The setup process should start automatically. If not, double click on the CD drive icon in “My Computer” to start it.

      5. The setup will basically ask you to choose your service provider (Airtel, BSNL, Tata Indicom, etc.). Choose Airtel. It will then configure the default settings for Airtel. It will also ask you for your Airtel broadband username and password. If you don’t know these, you must call Airtel and ask for the same. Typically, the username will be of the format (std-code)(ph-no)_(state)@airtelbroadband.in. For example, 08043211234_kk@airtelbroadband.in. The password may be in the format (city)(some-number), e.g. blr2322342.

      6. After entering all this information, the setup program will configure the router, save the settings and reboot the router. After it reboots, you should see the “DSL” and “Internet” LEDs both lit green.

      Troubleshooting:

      If the DSL LED is not lit, it means there is a problem in the telephone cord coming to the modem. Check if your phone is working. Check if you’ve connected the phone and modem cords correctly in the splitter.

      If the Internet LED is red, it means that the router settings you configured are wrong. Probably the username or password you entered may be wrong.

      If both Internet and DSL LEDs are green, then you should be able to connect to the router from your laptop/PC and browse the Internet. Ensure that there is no IP address configured on your laptop’s Ethernet port. It should be configured to “obtain an IP address automatically.”

      Once you are able to connect through an Ethernet port successfully, you should then scan for the Wi-fi network from your laptop (after disconnecting the Ethernet cable). It should show up in the search results as “Linksys.” Double-click on it and you should be able to connect to the network.

      In this mode, wireless security will be minimal. You can then implement the suggestions given in my blog http://www.vijaypadiyar.in/blogs/2009/03/simple-tips-to-secure-your-wi-fi.html to secure the network from hackers.

      Hope this helps!

      Regards

      Vijay Padiyar

Leave a Reply