Seven tips on how to make your home Wi-Fi more safe

Time and time again did we write about the dangers public Wi-Fi hotspots pose to users, but today we are talking about threats coming specifically from home wireless networks. Many

Time and time again did we write about the dangers public Wi-Fi hotspots pose to users, but today we are talking about threats coming specifically from home wireless networks. Many wireless router users do not remotely consider them to be a threat, but we are here to bring this illusion down. This guide is by no means complete, but several great tips can help you to increase the level of your home network security.

Step 1. Changing the admin password

One of the most common mistakes is using a default out-of-box admin password (likes of frequently used “admin:admin” and “1234”). Combined with some non-critical remote vulnerability or open wireless connection, it might give hackers the ability to fully control the router. We strongly recommend updating the password to a more complicated one:

wifi-1

To illustrate our point, we present screenshots of TP-Link router settings. Naturally, not all router access points look like this, however the general settings will remain the same.

Step 2. Disable remote management

The second problem is open access to the router’s control interface. Usually manufacturers enable only LAN-based router control by default, but this isn’t always the case. Make sure you check whether you router’s control interface is available on the internet.

wifi-2

In most cases, in order to disable remote management, you should enter the 0.0.0.0 address into the appropriate field or de-check the box. It also makes sense to block access to the router through Telnet or SSH protocols (provided your connection supports them). Proficient users might apply restrictions to control capabilities over LAN based on hardware’s MAC addresses.

Step 3. Disable Broadcast SSID

As a rule, a wireless router transmits your Wi-Fi network ID (the so-called SSID) to everyone. You can actually disable the broadcast of the SSID by selecting the option below.  This means that you’ll still be able to connect to the network, however it won’t be visible in the wireless selection menu.  This makes it that little bit harder for attackers to spot your network.

wifi-3

Step 4. Using reliable encryption

Enabling encryption on the Wi-Fi broadcast means that people will need to know a password before joining your network.  However, not enabling encryption means that anybody can join your network and download what they wish.  It’s a lot simpler than it appears to enable encryption and having strong security on the network goes a long way to making sure it’s safe for every user.  The first step is making sure that the encryption is strong enough.  WPA2 is currently one of the strongest encryptions available so you should make sure you choose it if you can.

wifi-4

Once you’ve selected WPA2 setting, it’ll ask you for a password.  Remember to ensure that this is as strong as possibles.

Step 5. UPnP et al.

Today’s wireless routers are not only capable of serving a internet access; they also support different protocols to automatically connect smart devices:

wifi-5

Universal Plug and Play (UPnP), DLNA support (Digital Living Network Alliance) and alike are better off disabled if not in use — you run a lower risk of being affected by vulnerabilities in software using those features.

Step 6. Updating built-in software

Updating firmware is something of a dark art and as such, the majority of users will never even think about it.  However, if you’re up to the challenge, it’s worth researching as some hardware is patched significantly after launch and the only way to get these updates is through firmware.  What’s worth noting however is that most modern routers now have the ability to update themselves, without user intervention.

wifi-6

If you do need to update the firmware, the instruction are usually stored on a separate tab in the router’s web interface. All you need to do is download the firmware’s image, back-up the router configuration (sometimes the older file cannot be used with the new firmware, and in that case you might need to run the process from the beginning), run the update and restore configuration after restarting your system.

Step 7. Not only router

‘Ultimate’ protection does not exist, as the years have proved.  A sensible approach to router settings, using strong passwords and encryption, and timely updates to firmware will significantly contribute to a higher level of safety of your wireless network, but it does not 100% guarantee your network is safe from hacking.

The protection should employ a complex approach, so we recommend using latest firewalls and antivirus software, with latest malware databases. Take Kaspersky Internet Security 2015 — it allows you to check the level of security for your wireless network and offer suggestions on applying correct settings.

Tips