Here in the 21st century, interconnectivity is nothing if not a fact of life, and this only becomes more the case every day. The Internet and the level of connection it brings with it is now a part of how people of all ages manage their social lives. It’s critical when it comes to the way we do business and pursue new opportunities. Now that Wi-Fi and mobile technology are bigger parts of the mix, interconnectivity is also a constant – a given as far as our everyday lives go.
That said, connectedness is also something we tend to take for granted at this point. Unfortunately, that means a lot of us don’t take security as seriously as we should. This is especially the case when it comes to our home wireless networks. Here we’ll take a closer look at some of the reasons why you shouldn’t neglect the security of your home network, as well as discuss some of the best ways to make sure yours is as airtight as it should be.
Because thoroughly configuring a new network can be a lot more time-consuming than most of us would like, a lot of us tend to rush through the process. After all, how important could it really be to configure all of these different settings? What’s the worst that could happen if you just stick with the defaults?
The fact of the matter is leaving your home network unsecured or open is a lot like leaving your front door unlocked and open. Anyone who wants access can easily obtain it. At that point, they not only have access to your internal network resources, but the Internet via your connection as well. Among other things, they could:
Securing your home network is essential when it comes to keeping out intruders and protecting not only yourself, but friends and family members that use your connection as well.
Some mistakenly believe that all wireless network connections and routers are by definition non-secure, or at least much less secure than the alternatives. In actuality, this is only the case if you use it as-is right out of the box. Configuring your security settings as soon as your connection is set up is the key to keeping intruders out, so make sure the router you select has all of the following features:
WPA2 Security Encryption: The WPA2 encryption method is going to be your best bet, as it’s quite touchy to crack, so look for a router that supports it. You’ll be as secure as possible over both WPA and WEP.
Network Address Translation: Also known as NAT for short, network address translation separates your internal network from the actual Internet. This helps protect your computer and other connected devices from attacks that require intruders to interface directly with the device itself. With NAT in your corner, such attacks will go no further than your router, never actually reaching your equipment.
Integrated Threat Defense: This is one of the best ways to guard against malicious attacks at the entry-point level. Boost your defenses against spyware, worms, viruses, and more.
Built-In Firewall: A built-in firewall protects you against threats by distinguishing unsolicited traffic to your entry-point from valid traffic. Any inbound attempts to connect that aren’t properly authorized will be rejected outright.
Whether you’re setting up a brand new router or simply looking to improve the security of your existing one, the following steps are absolute musts. The more of these changes you decide to make, the stronger and safer your network security will be. Even making a few of them will drastically improve matters!
All wireless access points come attached to an embedded server plus associated web tools and web pages that let the owners of the network access their personal account information, as well as enter their network address. As is the case with any type of online account, you gain this access via a familiar log-in screen, a username, and a password.
Never simply stick with the defaults. You can rest assured that hackers and other malicious attackers already know what they are (or could easily find out). It’s not just malicious professional hackers and thieves you need to be wary of, either. Your neighbor’s curious child could easily manage to hijack your entire network unless you customize your information.
Choose strong passwords that are difficult to impossible to guess. Change them every 30 to 90 days for best results. (Set a schedule that you stick to, if it makes it easier to remember.) Avoid reusing any recent passwords.
Although the specifics may vary according to the exact type of Wi-Fi equipment you have, every system is going to come attached to some form of encryption technology. (Popular examples that exist today include WPA and WPA2, which we touched on above.) Encryption tech works to scramble any and all information sent out over your network, making it much harder for hackers or random nosey humans to read it.
Choose the strongest type of encryption available for your network. The stronger the encryption you choose, the harder it will be for even professional hacking programs to crack your decoding key and the safer your network will become.
As is the case with login information like usernames and passwords, each piece of Wi-Fi equipment is going to come with a stored default network name. This is the SSID (service set identifier). Even though knowledge of your network’s name isn’t going to be enough on its own to allow an intruder into your network, you can and should change it.
Hackers and busybodies view default network names as promising signs of a network that isn’t well protected. After all, if you can’t be bothered to change your network’s name (or don’t know how), it’s likely that you haven’t changed your other settings or login information either. Why invite attack attempts?
Each individual piece of Wi-Fi equipment comes attached to its own unique identifier – its physical address, also known as the MAC (media access control) address. It’s the router’s job to manage the MAC addresses of each computer, phone, tablet, or other Wi-Fi enabled device that uses the network to connect to the Internet.
Normally, anyone with access to a network’s name and security information can use it via whatever device they’re on. When MAC address filtering is enabled, the router will check a new device’s MAC address against a list of pre-approved devices. Not on there? No access. Configuring such a list for your own network won’t make it impossible for hackers to gain access to your network, as it is possible to fake a MAC address, but it definitely helps.
Under normal circumstances, a given router/access point will actually broadcast the name of the associated network at regular intervals – usually once every few seconds. This is called SSID broadcasting. It’s what allows you to see and attempt to access nearby networks when searching for Wi-Fi signals whether you’re at home or out and about downtown.
Naturally, SSID broadcasting is a great feature for businesses, establishments, and mobile hotspots that may see valid users constantly drifting in and out of range. However, it’s completely unnecessary for a home network. In fact, it can actually be detrimental, as it pretty much advertises the existence of your network and invites people that have no business connecting to it to give it a try.
To disable your router’s SSID broadcast feature, you’ll need to be able to sign in to your system as an admin. Simply change this setting to “off” once you’ve done so, and that’s it!
Whether you know it or not, your computer most likely has a feature that allows it to automatically connect to open Wi-Fi networks in the vicinity. Sometimes this happens without the user even being made aware of it, although it’s not normally enabled by default. Ideally speaking, the Wi-Fi auto-connect feature should only be used on a temporary basis, as it does open your devices up to security risks.
You should also be aware that most devices tend to remember specific networks if they’ve connected to them in the past and won’t ask permission to access them again. This can be avoided by directing your device to “forget this network” after you’re finished using an open one.
It’s normal and desirable for a home’s Wi-Fi signal to extend to the exterior of that home. However, you definitely want to minimize the extent to which this happens. You want to be able to access your network yourself while you’re lounging by the pool or sitting on the porch. You don’t want your neighbors to be able to easily detect and exploit your signal from their own homes.
That said, give some thought to where you position your router or other access point within your home. Ideally speaking, it’s in the center of your home, as opposed to near a window or outer wall of your home. The harder it is for outsiders to pick up on your Wi-Fi signal, the less they’ll be tempted to break into it.
When it comes to assigning IP addresses to each of the devices that access your home network, you have two choices. You can automatically assign them using DHCP (dynamic host configuration protocol) or you can elect to assign them manually.
Most network admins choose DHCP, as it’s simpler and easier. However, it’s important to be aware that hackers and intruders can use it to obtain a valid IP address of their own via your network’s DHCP pool. Consider setting a fixed IP address range and manually configuring each authorized device with an IP within that range instead.
The average person stores a lot of personal information on each of their Wi-Fi connected devices, and it’s unlikely you’re any different. That said, it’s important to make sure you’re protecting your devices with security software.
Start with your router’s network firewall. (Most modern routers come with one built in, so just make sure yours is enabled.) You should also make sure each device that connects to your network has additional security software installed, which is properly enabled, and that runs on a regular basis. There are plenty of paid and free programs out there to choose from. Just make sure you’re using something
Most households choose to keep their Internet connections “on” at all times, and with good reason. You’re always online when you need to be this way without having to think too much about it. However, there’s no need to leave your connection on if no one will be using it for an extended period – over a summer vacation away, to name just one example.
A hacker can’t access a connection that’s not active, and they can’t invade devices that are offline, so you won’t have to worry about a network break-in while you’re away. You’ll save money on your utility bills and prevent any possible surge-related damage to your equipment as well.
Of course, nothing is going to guarantee you 100% protection from ever having an issue with hackers or people looking to freeload off of your connection, but taking the right measures (and enough of them) is an excellent place to start. The harder you can make it for intruders to gain access to your connection, the less likely it is that they’ll even want to bother.