You might not realize it, but you only need to do three (3) simple tasks to secure your home (or small business) wireless network.
- Change the default admin password. Default router admin passwords are easy to find. If you don’t want some jack@$$ (like me) changing your network name to something like FBI Surveillance Van, then make sure you’re using a strong password to protect the router.
- Use WPA-PSK or WPA2-PSK security. For the love of all things holy, STOP USING WEP! There are thousands of YouTube videos with step-by-step instructions on how to crack WEP networks in just a few minutes. WPS is just as bad. DON’T USE WPS EITHER! You might need to pick WPA if you have any mobile devices at home that don’t support WPA2. Granted, there are tools available that hackers can use to try to crack your WPA/WPA2 encryption key (reaver for cracking WPS; aircrack-ng for offline brute force attacks; or my personal favorite: crunch). If you’re using a strong password, though, it’s going to take your neighbor a LOOOOOOOOOOONG time to crack your encryption key.
- Use MAC Address filtering. The wireless network card in every laptop/smartphone/tablet has a unique hardware address that looks something like this: 00-11-22-AA-BB-CC. That’s the MAC address. You can configure your wireless router to only accept connections from known MAC addresses, keeping unknown devices from being able to connect at all. Not sure how to find your device’s MAC address? You can either Google for instructions, or you wait to turn this on AFTER you’ve connected all of your devices to your WPA/WPA2 encrypted network and grabbed a screenshot of the MAC addresses from the attached/connected devices page in the router’s admin interface.
You might also want to setup a guest wireless network. I’m cool with this, but remember: if someone is using your guest wireless to download kiddie pr0n, it’s YOUR router’s IP address that’s going to show up in the logs reviewed by law enforcement.
I still recommend WPA-PSK or WPA2-PSK for your guest wireless, but I’m a much bigger fan of passphrases than passwords. Are you a comic book fan? Take five (5) of your favorite superheroes and string their names together in a run-on sentence to create your guest wireless passphrase. ghostriderwolverinekickassdaredevilcassiehack is easy to remember, but difficult to brute force. Toss a number in there somewhere, and you’re golden.
And two points to you if you know who Cassie Hack is without Googling.