WHAT IS THE DANGER?

When you compare a Wi-Fi network to a standard wired one in terms of network security there is one big difference. That is physical protection. When you’re using Wi-Fi, anyone is able to tap into the connection. With a physical network, a hacker would need to have physical access such as plugging in an ethernet cable. Since Wi-Fi doesn’t have these restrictions it can become a major weakness in any network. This is why it must be protected. The only way to patch this threat is through settings.

Getting to the configuration screen is an easy process. After you connected to the network go to 192.168.0.1 using a web browser application. You’ll be prompted for a username and password. Enter it if you have it or refer to your manual for the default username and password. If you can’t find the manual, try going to the manufacturer’s website and searching for the appropriate model.

NOTE: If using 192.168.0.1 doesn’t work refer to the manual. It might also be 192.168.1.0 or 192.168.1.1.

CHANGE SSID FOR PASSIVE SECURITY

When you change your SSID, you change the name that outsiders see. This can be good if the default setting of your router is broadcasting its make and/or model number. Changing this setting doesn’t truly make your network more secure, but it will make you a smaller target. If you are connected to the network, and you change the SSID you’ll have to use the new credentials to regain access.

MAC ADDRESS FILTERING

Every wireless card contains a built-in hardware code called a hardware address or MAC address. Each address is unique and is used to identify a client on the network.

Almost every access point comes with a feature called MAC address filtering. What this does is compare each device’s MAC address against a list of known Mac Addresses. If the MAC address is on the list then the computer can complete its connection and use the network.

Enabling MAC address filtering on your AP is simple. Just log in to the configuration screen and find the setting. You should go to each computer that will be connecting and get its MAC address. These are what you will enter on the configuration screen.

USING ENCRYPTION STANDARDS

New encryption standards are implemented where previous iterations have failed or become outdated. One of the first for Wi-Fi was WEP. WEP stands for Wired Equivalency Policy and was meant to be as secure as a wired network (thus the name). Today WEP can be hacked in less than five minutes using Youtube and the right tools which are all freely available. The only reason WEP is still included as an option is that some legacy devices are not compatible with the newer standards. It would be much more prudent to upgrade the device to use WPA instead of lowering the security across the whole network to allow for WEP.

WPA and WPA 2 are common standards that are considered secure. Using either WPA standard is better than WEP because each uses a different means of authentication. Encryption settings can be changed using the configuration screen.

CHOOSE A STRONG PASSWORD

Passwords are everywhere. We need to remember them for our social networks, email accounts, banking accounts, and all kinds of other kinds of services.  Adding another password to the ‘don’t forget’ list doesn’t sound too appealing but it’s necessary. The more difficult you make this password, the longer it will take to crack it. Any hacker can obtain the 4-way handshake necessary to get started cracking the password from the AP. If your password is complex enough, it would literally take a lifetime to run through all possible permutations of words to obtain your password.

The password shouldn’t be written down anywhere in plain sight. If you insist on writing it down put it in a safe place and lock it away.

DISABLE WPS FOR MORE PROTECTION

WPS stands for Wi-Fi Protected Setup and is used to make security more convenient for users. WPS allows users to use a  pin to gain access to the network if the password is lost.

The problem with that is that the pin now becomes the biggest weakness. Some manufacturers enable this feature by default, and even when the feature is turned off, it’s still vulnerable to attack.