CognitiveCombine.com stylishly packed, cognitively underlined & followed by a strong dose of tomfoolery

WiFi Routers and Networks – Security Tips

Wireless routers have become the norm in many offices and homes to easily provide network and internet access without cable clutter. While they do make it easier for us to get connected, an improperly configured device can pose a serious security risk. Here are some tips, to make your network as secure as possible, and that brings us to our first point.

1. Security Basics

Before continuing, it is important to note, that security is a cat and mouse game. All forms of encryption will sooner or later be cracked. In order to achieve security you must stay up to date, manage your data in a sane manner and place as many obstacles as you can in the path of would be hackers. This is what this article attempts to highlight, the creation of obstacles.

2. Data Management

Before you plug your computer in to your wireless router, you must first consider what types of data you have, and how important they are to you. Important financial or personal data should be kept on non networked storage. The best place to store sensitive data is on CD's, DVD's or external storage hard disks. This is one obstacle that we can place in the path of anyone who might try to compromise your security. Get the data off the network.

3. Turn on Encryption

Do not leave your network open. Some routers are set to use no encryption at all by default. Buy a router that supports WPA2 encryption and make sure that it allows you to switch between the two encryption methods TKIP and AES. Select AES only, as TKIP has been hacked.

4. SSID Broadcasting

Some people say that it is safer to turn off SSID broadcasting. In my opinion it doesn't make a difference, because a person who knows how to compromise networks will also be using tools to scan networks and obtain this data. Whether you turn broadcasting on or off, certain tools can still find out what your SSID is.

5. MAC Address Filtering

Make sure to use MAC address filtering. This means that you compile a list of the MAC addresses of your computers and devices. Only these will then be able to access your network. Any device that is not on the list will be denied access. Even MAC addresses can be spoofed, but this is yet another obstacle that we place in the path of those meaning to get in to our networks unauthorised.

6. Static IP Leases

Reserve a specific IP number for each MAC address. And set your router to only hand out reserved IP leases. This is yet another obstacle.

7. Limit the IP Range

Your router can assign many IP numbers to networked devices. If you only have 2 computers in your home, limit the IP range to two IP's.

8. Remove Antennas

If your router comes with removable antennas, and if you live in a small apartment, then there is no need to be blasting the signal throughout your entire neighbourhood. Try removing the antenna, and see if you can still connect from within your apartment.

9. Reduce Signal Strength

Again, if you are not connecting to your router from up to 15 meters away, try reducing signal strength to a point where it is strong enough to cover your home for example, but not anything beyond.

10. Passwords

Use complicated passwords that are long and hard to guess. Try to renew the password at least once a month. I know this doesn't sound like fun, but losing your data is worse.

11. Turn off the Router

In this day and age of ours, where we want everything to be "bigger", "better" and "faster", we tend to leave gadgets running or switch them into standby mode. When it comes to security, you might want to consider turning off your router when you don't need it, or when you will be away from home or the office for a while.

Do you have any other tips ?

Tips from commenters:

12. Use WiFi-Client-Isolation

If you don’t need to access other WiFi-connected clients turn on WiFi-Client-Isolation. You can share ressources which are connected by ethernet cable (Printer, NAS,…) but your machine cannot be directly attacked by intruders.

13. Change the default SSID

You don’t want to distribute information about the hardware and software you are using.

14. Disable DHCP completely

And change your subnet to something “exotic”.

15. Disable Configuration over WiFi

Permit access to the configuration only to cable-connected devices.

16. Use VPN as the only way into the network

A more complex but very effective approach to add an additional layer of security.