Security has become second nature to people over the years, whether it be your home, car, or personal belongings. Our computers are no exception to this, as digital thieves are lurking everywhere, and can be almost impossible to detect by the average computer user. Preventing unauthorized access to your wireless home or business network (Wi-Fi) is an extremely important measure to take, as a hacker doesn’t need to know you personally to target you, and they can be in a house or apartment nearby, or even parked in a car on the street. Wi-Fi hackers have been known to drive around neighborhoods searching for wireless networks in people’s homes, gain access through various unlocked doors in a wireless router’s configuration, and then have a field day with your information. In this article, we will go step by step through the different configurations of your wireless router that leave your network vulnerable, and what to change to make your network virtually hacker proof.
Step 1: The first thing that we have to do is login to our router’s configuration utility. To do so, you must first figure out what your gateway’s IP address is. You can do this by going to Start > Run and typing in CMD. This will open a session of command prompt. In command prompt, type ‘ipconfig’ without the quotations, and press enter. If done while connected to your network, this will return several different numbers. The one we need is listed as “Default Gateway”. Take the IP address listed as “Default Gateway” and write it down, or copy it. If you’re not familiar with IP addresses, it is a series of numbers separated by periods like this: 192.168.1.1 In fact, this particular IP address I just used as an example is the most common gateway, but yours may be listed as something different. Now, with this IP address copied, open a web browser such as internet explorer or Firefox, and paste or type the IP address exactly as it shows into the address bar and press enter. This will bring up the login page for your router. If you know your login details enter them here, if not, you will have to find the manufacturer’s User ID and password for your router. You can find this in the manual that came with the router, or by going to the manufacturer’s website and searching for the manual under the router’s model number (this can be found on a sticker on the back, side, or bottom of the router.) You can first try common ones like “admin” for the User ID, and “password” for the password, or “admin” for both User ID and password. If these don’t work, refer to the manufacturer’s manual for the User ID and password. If you set up your own User ID and password and forgot them, or the manufacturer’s default User ID and password are not working, if other people in your home have access to the router or it had a previous owner, the default User ID and password may have been changed. In such a case you can reset them back to the defaults by pressing and holding the reset button on the back of the router for at least 5 seconds. Now you can login using the default User ID and password set by the manufacturer.
Step 2: Change your User ID and password if they are set to the manufacturer’s defaults. If someone gains access to your wireless network, they can easily log into your router’s settings and change them to their liking.
Step 3: Change your SSID. Your SSID is the name that you see for your wireless network when you search for open networks using a Wi-Fi enabled device. If the SSID is set to the manufacturer’s default, anyone searching for an open network nearby can see yours, and with a little searching on the internet they can figure out the model number of your router which will help them gain access to your router’s settings.
Step 4: Disable broadcasting of your SSID. Broadcasting of an SSID is simply how when you search for open networks in an area, the names of open networks will show on your device. If you disable broadcasting of your SSID, when people search for open networks, yours will not even show up, so essentially, they will not know your wireless network even exists. You will still be able to connect to your network by typing your SSID into your Wi-Fi enabled devices manually.
Step 5: If available, enable WPA2 encryption. If WPA2 is not available, enable WPA encryption. If neither is available and only WEP is available, search your router’s manual or website for information on updating your router’s firmware. An update for your router may include support for WPA or WPA2 encryption. If no update is available to your current router, you may consider buying a new router as yours is likely very outdated. WPA2 encryption is ideal as it is much more secure than WPA and especially WEP.
Step 6: Setup a Pre-Shared Key or PSK or Network Key. Whatever your router calls it, this is the “password” to your network. This is not to be confused with the password that we changed in step 2 for your router. Your Pre-Shared Key that you setup should be impossible to guess, and should include uppercase and lowercase letters, numbers, and special characters. It is very important to include all of these to make it almost impossible to crack, but don’t make it so long that it takes you 5 minutes to enter it into every device. If it is difficult to remember, you can always look it up whenever you need by logging into your router’s settings again.
Step 7: Enable MAC Address Filtering or MAC Address Authentication. This step is optional, and should only be performed if you do not have visitors that use your Wi-Fi, or if the devices that use your Wi-Fi are consistently the same devices. A MAC Address is basically an ID that every internet or network enabled device has that looks something like this: 00:20:e0:00:41:00. Every device ever created has a unique MAC address so that they can be properly identified on a network as an individual. Using MAC Address Filtering or Authentication only allows the specific devices that you select to connect to your wireless network. Any outside devices will not be able to connect because their MAC Address will not be in the list you create of allowable devices. To add your Wi-Fi enabled devices to access list, you first need to obtain the MAC Address of each device. For computers and laptops, you can simply go to Start > Run and type ‘CMD’ without quotation marks. This will bring up a Command Prompt window. Then type in ‘ipconfig /all’ without quotation marks, and press enter. Something saying “Physical Address” should be listed somewhere near the top. Next to it you will see your computer’s MAC Address. It may be listed with hyphens in between every 2 characters instead of colons like in the example above. This is okay, just make sure when you enter the MAC Address into the access list that you do it in the format required by your router, so you may need to change all hyphens into colons. Do this for all computers connecting your wireless network. For devices such as iPods, iPads, cell phones, etc., you will have to search for your device information most likely in the Setup menu (or it may be somewhere else depending on the device). Here, if it is a Wi-Fi enabled device, you will find the MAC Address. Do this for all non-computer devices that connect to your wireless network and add them each to your access list. Don’t forget, every time you purchase a new device or someone visits and wants to use your Wi-Fi, you will have to perform this step.
It is important to perform all steps to properly secure your wireless network, except for the optional step #7. There are other security measures that can be implemented, however the above steps are the most important, and most necessary to prevent unauthorized access to your wireless network. If you completed all of the steps listed in this tutorial, you can feel confident that your wireless network is now virtually impenetrable.