Consider the story of one Buffalo, New York man a cautionary tale. The man’s house was raided by agents from the U.S. Immigration and Customs Enforcement agency, which later turned out to be a mistake. The reason? Department of Homeland Security agents traced a distributor of child pornography back to the man’s home Wi-Fi router.
The trouble was, the man wasn’t the one distributing the illicit and illegal material — authorities say it was his neighbor, who was connecting to his Wi-Fi network. The agents didn’t have the wrong house, but it took them a week to determine that they had the wrong suspect.
For the less tech savvy among us, protecting an Internet router can be a daunting task, requiring technical know-how that gets confusing. But with just a few seconds, the router’s manual, and some understanding of what you’re looking for, setting up at least some router security can be pretty easy, and can save Internet users from issues like identity theft and an unfortunate visit from the U.S. government. Here are a few tips for keeping your network, and your data, away from those who would hijack it.
[sc name=”numlist” number=”1″ title=”Set up a password – or even better – an encryption key”]
Adding some kind of password to your network is a way to immediately discourage probably 99 percent of the people who could jack into your Wi-Fi connection remotely, and it really is just about the easiest thing ever to do to protect yourself. Adding a secure password to the Wi-Fi is an approach to quickly prevent anyone from easily connecting to it. With most wireless networks, this can be done by logging into the router and then adjusting the password accordingly. All you need is the Ethernet cable that comes with a router when you pull it out of the box or installed by a cable company, and the manual that comes with the router. By using the cable to plug directly into the router, a computer can access the router’s internal settings using an Internet browser. The address (usually in the form of what’s called an IP address, generally 192.168.1.1 or something similar) gets you into the router’s inner workings, but you need the cable to access it, so it can’t be altered remotely. The router’s manufacturer password is also included in the manual (usually it’s “admin” or “password”), and you should change that too from the settings menu for added internal security to keep prying eyes out.[sc name=”quote” text=”Adding a secure password to the Wi-Fi is an approach to quickly prevent anyone from easily connecting to it.”]
From there, it’s usually as simple as going to the security settings for your router and activating an encrypted password called a WEP or WPA key. This is presented in the form of a long chain of letters and numbers that the router can generate for you. Users can change the password to one which is both secure and easily remembered in order to enhance security. The good thing about setting a complicated password is that it offers more security while the connected devices can access the network automatically without the need to enter the password in every time. You can specify a password of your own, but the router’s generated key is a much stronger encryption than using a password someone might be able to guess. Most modern computers will save passwords when you connect to your home Wi-Fi network, so you shouldn’t need to specify the network password again when signing onto the Internet, unless something gets reset.
For the iPhone or iPad hotspot, a similar method can be used to enhance the hotspot security. All that a user needs to do is to simply go to the network settings app and change the password. With this, there is no need to enter the password every time the hotspot is made available unless the device is restored.
[sc name=”numlist” number=”2″ title=”Turn on MAC address filtering and router firewalls”]
While it is absolutely essential to use a password or encryption key to keep your Wi-Fi network secure, there are a number of other easy steps to make it even more protected.
Each computer that uses your network has a specific number attached to it called a “MAC (Media Access Control) address.” This is actually a physical number assigned to the actual Wi-Fi adapter hardware in your computer or mobile device. From the internal settings of your router, you can determine the MAC addresses of the computers that you want to be able to access your network and specify them to the router. Any device that doesn’t have the right MAC address will be denied access.
In order to set MAC addresses, you’ll need to have the devices you want to be able to use on your network connected so you can see their addresses in the router’s “MAC Address” section. There, you can usually just click a button that turns on the router’s MAC limiting setting, and then select which addresses are allowed access to the network. With this setup, any other device which has an entirely different MAC Address apart from that particular device will not be able to connect to the wireless network. Due to the fact that the MAC address is one-of-a-kind and allocated in the specific hardware, some other PCs or mobile devices will not be able to connect to the wireless network using this form of security.[sc name=”quote” text=”Any device that doesn’t have the right MAC address will be denied access.”]
Most routers also have an internal firewall program you can enable from the settings menu. This is anti-hacking software that makes a network more difficult to access from the outside, and turning it on is generally really easy. It’s also a good idea to protect your computers and devices with firewall software (Windows has one built in, but it’s not a bad idea to invest in better ones) that you can buy commercially to protect your data even further.
There is a slight inconvenience with MAC address filters, as they can complicate things whenever you want to add a new device to your network. So if your wife’s cousin wants to connect to the network, for instance, you’ll need to go back and add his MAC address to the router’s list. Of course, this is a small price to pay for added security.
[sc name=”numlist” number=”3″ title=”Change your network’s SSID and make it invisible”]
Another quick way to protect the Wi-Fi network is by changing the system’s SSID or the name of the network. This is what the device searches for when it is trying to connect to the network and can be done using the same method as setting up the password. From within the same settings menus that you adjusted the MAC settings and turned on your encryption key, you can also set whether your Wi-Fi network is “discoverable.” This means that the router won’t broadcast its ID information (called the SSID) over the air for other devices to lock onto. Only devices that know to look for the router, like the ones you’ve already authorized to connect to it, will be able to use your connection.[sc name=”quote” text=”You don’t want your network discoverable, and you don’t want your router to broadcast its SSID.”]
Although just changing the name does not enhance the security of the Wi-Fi, an option that is extremely powerful in stopping unwanted users from connecting is to make the network invisible. When the network is invisible, hackers who may be searching for a Wi-Fi connection to access to will not be able to find it. It is important to note that if the network is invisible, in order for new devices to connect, users must manually input the SSID and password instead of having the device automatically identify the Wi-Fi name.
Generally, you’ll find the ability to alter discoverability in the security tab of your router’s settings browser window. It’s usually a button that discusses making your network discoverable or disabling SSID broadcast. This is also a good opportunity to change your router’s SSID to something other than the manufacturer preset. There’s a reason you see so many networks named “Linksys” or “D-Link” — those are routers that have their manufacturer defaults still activated, and they suggest to hackers that the passwords are still set to defaults as well. Either way, it’s easier for someone to get into your network when they have more information, and a manufacturer SSID doesn’t help. Change it, then make it invisible. Just remember: You don’t want your network discoverable, and you don’t want your router to broadcast its SSID. Turn those things off.
[sc name=”numlist” number=”4″ title=”Reduce the Range of Wi-Fi Signals”]
Currently, most wireless local area networks use 802.11 which consists of three distinctive frequency ranges. For example, 2.4 GHz, 3.6 GHz, and likewise 4.9/5.0 GHz groups each have their own ranges. With the diversity in signal strength, settings can be applied to limit the range so that those who are too far are unable to find or access the signal. As an example, with the 2.4 GHz frequency, settings can be altered so that either 802.11b or 802.11n can be selected rather than 802.11g in the router settings. In doing so, this will help in reducing the signal strength range so that only those near the router are able to access the network. Alternatively, a simpler way to limit Wi-Fi signal would be to place the router in a shut room or an enclosed space so as to stifle the signal strength, although this may diminish Wi-Fi speeds for those who are intended to have access to it.
[sc name=”numlist” number=”5″ title=”Enable Wi-Fi Network Encryption”]
The Wi-Fi encryption option has been specifically designed to secure the network against those trying to gaining access without permission with the primary method of encryption being WEP (Wired Equivalent Privacy, although other encryption methods also exist to include WPA and WPA2). To encrypt the Wi-Fi network, users need to log on to the router or network and then go into the security settings. Next, select one of the encryption methods and then enter a password in order to access the network. Although this method generally makes the network quite secure against the ever-growing threat of internet compromise, it is important to ensure that the software and hardware for the router is updated regularly in conjunction with the passwords and encryption.
[sc name=”numlist” number=”+1″ title=”Assign IP addresses to your devices”]
This gets a bit technical, but like the MAC address filtering, it’s not nearly as complex as it at first seems. Each device that connects to the Internet does so using what’s called an IP address. Most networks use a system called “dynamic IP addresses,” which means that every time you connect to your network, the system assigns a temporary IP address to your system. That’s easy, but it also means anyone jacking into your network can get a temporary address just as easily as you can.[sc name=”quote” text=”you can tell your router to only allow device’s using those specified addresses to connect”]
Instead, look for a tab in your router’s setup menu that lets you set “static IP addresses.” Like MAC filtering, you should be able to see the addresses of your devices at the moment; write them down, or specify a series of numbers to the router when you’re prompted to. These look complex (they’re usually long, like the 192.168.1.1 address), but that doesn’t mean they have to be complicated. You can actually set addresses with the same sets of numbers up front, but alter the numbers at the end to keep them consistent and easy to remember for you, but more difficult for intruders to access.
Once you set static IP addresses, you’ll have to use the numbers you wrote down on your computers when they try to connect to the network. In your Network Settings, you can specify a device’s IP address so that it always uses the same number, then you can tell your router to only allow device’s using those specified addresses to connect. While the MAC filtering will keep out some less in-the-know network jumpers, more complex hackers can get around that technology; they’ll have more trouble with your static, filtered IP addresses.
[sc name=”numlist” number=”+2″ title=”Avoid open, unprotected Wi-Fi networks”]
This is more for when you’re out in the world than at home, using your computer or smartphone to try to access the Internet when you’re at the airport or in other places. Beware of open, access-free networks. If they’re open to you, that means they’re open to other people, too, and your sensitive information can be plucked out of the air by people who have a little bit of expertise in this area.
“Free Public Wi-Fi,” for example, is a network that will often pop up in public places when you’re searching for a network. Don’t connect to it, though, as it isn’t really a free public network, and could very well be a quick and easy way for someone with ill intentions to get access to your computer.[sc name=”quote” text=”Beware of open, access-free networks.”]
For the most part, the best thing you can do is avoid open networks you don’t trust whenever possible. If you do decide to access an open network, limit what you do on it. Don’t access sensitive websites or use important data like your bank passwords while attached to the network. You should also take steps to keep your computer from saving sensitive Internet information that could be accessed later, like a history or cookies cache. These are bits of data your web browser saves from websites to make accessing them easier later. When you tell a website to save your password, for example, it leaves a “cookie,” or small program, on your browser for use later. You can easily clear these from your browser’s settings menu.
Although hackers are continuously developing different techniques and software to infiltrate networks, using the combination of these different settings can ensure that one’s Wi-Fi is highly protected. While no physical connection is required in order to access a network, hackers within a close range are able to more easily compromise private and sensitive information even without the proper credentials or permission. As a result, default options are no longer a sufficient means of network security as hackers are able to remotely access internet connections if left insecurely, especially with the growing number of household wireless connections.
These are simple steps you can take to protect your network, your data and your privacy, but the technical aspect often frightens off people who aren’t familiar with their Internet hardware. Trust us when we say that it’s usually less complicated than it appears. Consult your router’s manual if you need to, and look for the keywords in your router’s settings menu: things like “encryption key,” “firewall,” “disabling broadcasting and IP” and “MAC address filters” are good. Once you set them up and write the numbers down, you should be able to breathe a little easier knowing your access to the Internet is protected.