This post is intended to help ordinary users secure their home wi-fi networks so that no one can use them to surf the internet (known as Internet theft, or neighbor’s internet is the best) or eavesdrop on traffic where someone can get very interesting information about users.
Let’s start from the beginning
It should be noted that there are different types of wireless networks such as GSM (mobile telephony), Bluetooth, IR, NFC, and WLAN. However, of them, almost every apartment or house today has a WLAN, which we also call a wi-fi network. Such a network is a great thing, we no longer have to run the cables through the rooms and worry about whether the cable is long enough against the wall socket. I also want to mention here that the walls do not pose a problem for this type of network so that one AP (Wireless access point) can be used for some 100m distances of bases of bigger problems for standard types of walls (exceptions here are walls that have a larger amount in themselves metal that can drastically reduce signal propagation).
What is the problem with wi-fi networks?
However, since such networks have undoubtedly brought many advantages, and most in the very comfort of use for the end-user, there are also some security concerns for such networks. The first problem is that these networks are used quite differently from the wires, instead of the wire here the signal is sent through the air and thus it is easier to eavesdrop on it and later try different tools to discover the key for connecting to the network.
How do you protect your wi-fi network?
Different algorithms are used to protect against the above activities. The first of these to be far outstripped and unsafe today is WEP, which can be broken in minutes with a free tool like Airsnort. The next item in development is WPA, which is much more secure than WEP, but there are still vulnerabilities that have created a new version of WPA2 that uses a different key exchange technique, so no glitches have been noticed in this case. The only thing to keep in mind with WPA2 is that the key is complex so that it cannot be easily broken down by some data dictionary which means that it should have a combination of lowercase letters, uppercase letters, numbers, and special symbols and not be shorter than 8 characters.
Home Network Security Tips
Completely different things and instructions apply to home networks versus business networks where security rules are completely different and maybe specifically addressed in another post but here we are based solely on home networks.
Here are some things that can be used for this purpose:
- Change the default username and password of the router – There are a number of sites on the Internet where you can find information about the default username and password for a particular device type. The first thing that should be done immediately before putting a device into service is to change this data and rename the default user (this is mostly Admin on a large number of devices).
- Change the default SSID for the network – Also, before putting the device into operation, it is necessary to change the SSID value, which is actually the name of the wireless network. This is because the device will put its tag followed by some numbers and it will tell the potential attacker what the device is about (the HG520s say it is no doubt a Huawei device) which can then be used for item 1.
- Turn off SSID broadcast option – this option prevents the wireless network from even appearing to exist (this does not apply to programs such as Airsnort but only to the operating system’s default tools). Of course, this is not absolute protection, but at least an additional step is that one must make an effort to find out that the network exists at all. Here I have to give one note that if you turn off this option you will have to connect manually as your devices will not automatically see this network either.
- Turn off WPS (Wi-Fi Protected Setup) on the router – back in 2006, someone came up with the idea of making it easier for users who are not so skilled at using a computer by installing a button on a WPS-labeled router whose function is to make secure communication on their own with the device. This is something that is based on a four-digit number like the PIN on a payment card and there are a number of glitches in this technology so it is a warm recommendation to turn this off on your router and never use it.
- Set up closed access using WPA2 encryption – as noted earlier in addition to WPA2, there is also WEP that should be avoided due to omissions it has as well as WPA upgraded in version 2. Also, care should be taken to keep the network connection key complex, as explained earlier in the text. The worst option you can do is leave the default and access to your network open means no access key is needed. This is analogous to leaving a key in a lock on an apartment that is fully visible to all passersby.
- Use MAC (media access control address) filtering option – For home networks, this can be extremely important. First I need to explain what a MAC address is and what it is. A MAC is an address unique to every device that attaches to the network. The router can be configured to block the addresses you enter in the list and cannot be accessed by those users even if they know the key and the options that only those devices on the list can connect to the network of course if they know the key. I must mention here that more advanced users can fake this MAC address relatively easily and thus override the set ban, but it is still an additional level of security and an additional step that an attacker must take to connect to the network.
I hope this post will be of use to a large number of ordinary users who are not overly interested in security areas and are taking advantage of WLAN technology in their homes.