Five ways to protect your Wi-Fi network from hackers

Posted April 26, 2011  9:22am by Phil Hornshaw Tags: Wi-Fi, Security, Wireless
Networks, safety  Consider the story of one Buffalo, New York man a cautionary
tale.
The man’s house was raided by agents from the U.S. Immigration and  Customs
Enforcement agency last week, which later turned out to be a  mistake. The
reason? Department of Homeland Security agents traced a  distributor of child
pornography back to the man’s home Wi-Fi router.
The trouble was, the man wasn’t the one distributing the illicit and  illegal
material -- authorities say it was his neighbor, who was  connecting to his
Wi-Fi network. The agents didn’t have the wrong house,  but it took them a week
to determine that they had the wrong suspect.
For the less tech savvy among us, protecting an Internet router can  be a
daunting task, requiring technical know-how that gets confusing.  But with just
a few seconds, the router’s manual, and some understanding  of what you’re
looking for, setting up at least some router security  can be pretty easy, and
can save Internet users from issues like  identity theft and an unfortunate
visit from the U.S. government. Here  are a few tips for keeping your network,
and your data, away from those  who would hijack it.

1. Set up a password - or even better - an encryption key

Adding  some kind of password to your network is a way to immediately
discourage probably 99 percent of the people who could jack into your  Wi-Fi
connection remotely, and it really is just about the easiest thing  ever to do
to protect yourself. All you need is the Ethernet cable that  comes with a
router when you pull it out of the box or installed by a  cable company, and the
manual that comes with the router. By using the  cable to plug directly into the
router, a computer can access the  router’s internal settings using an Internet
browser. The address  (usually in the form of what’s called an IP address,
generally  192.168.1.1 or something similar) gets you into the router’s inner
workings, but you need the cable to access it, so it can’t be altered  remotely.
The router’s manufacturer password is also included in the  manual (usually it’s
“admin” or “password”), and you should change that  too from the settings menu
for added internal security to keep prying  eyes out.
From there, it’s usually as simple as going to the security settings  for your
router and activating an encrypted password called a WEP or WPA  key. This is
presented in the form of a long chain of letters and  numbers that the router
can generate for you. You can specify a password  of your own, but the router’s
generated key is a much stronger  encryption than using a password someone might
be able to guess. Most  modern computers will save passwords when you connect to
your home Wi-Fi  network, so you shouldn’t need to specify the network password
again  when signing onto the Internet, unless something gets reset.

2. Turn on MAC address filtering and router firewalls

While it is absolutely essential to use a password or encryption key  to keep
your Wi-Fi network secure, there are a number of other easy  steps to make it
even more protected.
Each computer that uses your network has a specific number attached  to it
called a “MAC (Media Access Control) address.” This is actually a  physical
number assigned to the actual Wi-Fi adapter hardware in your  computer or mobile
device. From the internal settings of your router,  you can determine the MAC
addresses of the computers that you want to be  able to access your network and
specify them to the router. Any device  that doesn’t have the right MAC address
will be denied access.
In order to set MAC addresses, you’ll need to have the devices you  want to be
able to use on your network connected so you can see their  addresses in the
router’s “MAC Address” section. There, you can usually  just click a button that
turns on the router’s MAC limiting setting, and  then select which addresses are
allowed access to the network.
Most routers also have an internal firewall program you can enable  from the
settings menu. This is anti-hacking software that makes a  network more
difficult to access from the outside, and turning it on is  generally really
easy. It’s also a good idea to protect your computers  and devices with firewall
software (Windows has one built in, but it’s  not a bad idea to invest in better
ones) that you can buy commercially  to protect your data even further.
There is a slight inconvenience with MAC address filters, as they can
complicate things whenever you want to add a new device to your  network. So if
your wife's cousin wants to connect to the network, for  instance, you'll need
to go back and add his MAC address to the router's  list. Of course, this is a
small price to pay for added security.

3. Change your network’s SSID and make it invisible

From  within the same settings menus that you adjusted the MAC settings and
turned on your encryption key, you can also set whether your Wi-Fi  network is
“discoverable.” This means that the router won’t broadcast  its ID information
(called the SSID) over the air for other devices to  lock onto. Only devices
that know to look for the router, like the ones  you’ve already authorized to
connect to it, will be able to use your  connection.
Generally, you’ll find the ability to alter discoverability in the  security tab
of your router’s settings browser window. It’s usually a  button that discusses
making your network discoverable or disabling SSID  broadcast. This is also a
good opportunity to change your router’s SSID  to something other than the
manufacturer preset. There’s a reason you  see so many networks named "Linksys"
or "D-Link" -- those are routers  that have their manufacturer defaults still
activated, and they suggest  to hackers that the passwords are still set to
defaults as well. Either  way, it’s easier for someone to get into your network
when they have  more information, and a manufacturer SSID doesn’t help. Change
it, then  make it invisible. Just remember: You don’t want your network
discoverable, and you don’t want your router to broadcast its SSID. Turn  those
things off.

4. Assign IP addresses to your devices

This gets a bit technical, but like the MAC address filtering, it’s  not nearly
as complex as it at first seems. Each device that connects to  the Internet does
so using what’s called an IP address. Most networks  use a system called
“dynamic IP addresses,” which means that every time  you connect to your
network, the system assigns a temporary IP address  to your system. That’s easy,
but it also means anyone jacking into your  network can get a temporary address
just as easily as you can.
Instead, look for a tab in your router’s setup menu that lets you set  “static
IP addresses.” Like MAC filtering, you should be able to see  the addresses of
your devices at the moment; write them down, or specify  a series of numbers to
the router when you’re prompted to. These look  complex (they’re usually long,
like the 192.168.1.1 address), but that  doesn’t mean they have to be
complicated. You can actually set addresses  with the same sets of numbers up
front, but alter the numbers at the  end to keep them consistent and easy to
remember for you, but more  difficult for intruders to access.
Once you set static IP addresses, you’ll have to use the numbers you  wrote down
on your computers when they try to connect to the network. In  your Network
Settings, you can specify a device’s IP address so that it  always uses the same
number, then you can tell your router to only  allow device’s using those
specified addresses to connect. While the MAC  filtering will keep out some less
in-the-know network jumpers, more  complex hackers can get around that
technology; they’ll have more  trouble with your static, filtered IP addresses.

5. Avoid open, unprotected Wi-Fi networks

This  is more for when you’re out in the world than at home, using your
computer or smartphone to try to access the Internet when you’re at the  airport
or in other places. Beware of open, access-free networks. If  they’re open to
you, that means they’re open to other people, too, and  your sensitive
information can be plucked out of the air by people who  have a little bit of
expertise in this area.
“Free Public Wi-Fi,” for example, is a network that will often pop up  in public
places when you’re searching for a network. Don’t connect to  it, though, as it
isn’t really a free public network, and could very  well be a quick and easy way
for someone with ill intentions to get  access to your computer.
For the most part, the best thing you can do is avoid open networks you don’t
trust whenever possible. If you do decide to access an open network, limit what
you do on it. Don’t access  sensitive websites or use important data like your
bank passwords while  attached to the network. You should also take steps to
keep your  computer from saving sensitive Internet information that could be
accessed later, like a history or cookies cache. These are bits of data  your
web browser saves from websites to make accessing them easier  later. When you
tell a website to save your password, for example, it  leaves a “cookie,” or
small program, on your browser for use later. You  can easily clear these from
your browser’s settings menu.
These are simple steps you can take to protect your network, your  data and your
privacy, but the technical aspect often frightens off  people who aren’t
familiar with their Internet hardware. Trust us when  we say that it’s usually
less complicated than it appears. Consult your  router’s manual if you need to,
and look for the keywords in your  router’s settings menu: things like
“encryption key,” “firewall,”  “disabling broadcasting and IP” and “MAC address
filters” are good. Once  you set them up and write the numbers down, you should
be able to  breathe a little easier knowing your access to the Internet is
protected.