11 steps to securing your wireless network

11 steps to securing your wireless network


You love the freedom that wireless connectivity gives you. But what about security? A wireless home network is more challenging to safeguard than a traditional wired one, but don’t fear. Here are some easy-to-follow steps to help keep your private data private and your wireless home network secure. (For more information about wireless networking in general, check out It’s a Wireless World.)

1. Install a firewall

Install a firewall

A hardware or software device placed around the perimeter of your wireless home network, a firewall is the first line of defense against intruders. To learn more about setting up a firewall, read Protect Your PC—Firewalls.

2. Change default administrator passwords and usernames

At the core of your wireless home network is the access point or router. Its manufacturer provides Web pages where you first enter your username and password in order to set up your home network. Hackers can unearth these initial default settings via the Internet—so change them immediately after installing the access point or router via its Administrator Account feature.

3. Turn on compatible encryption

All wireless equipment supports a form of Wi-Fi Protected Access (WPA) or Wired Equivalent Privacy (WEP) encryption technology, which scrambles messages sent over wireless networks so no one other than you can easily read them. You need to select the strongest form of encryption that works with your wireless home network but also shares the same WPA or WEP encryption settings as your home network’s other wireless devices. (That may mean finding a “lowest common denominator” setting.)

4. Change the default network name

Known as the Service Set Identifier (SSID), the name of the wireless local area network (WLAN) must be the same for all your home network’s wireless devices for them to communicate with each other. Manufacturers of access points and routers normally ship their products with the same SSID set. While knowing just the SSID does not enable anyone to break into your home network, using a default SSID is a sign of a poorly configured network and is easy prey for hackers. So, when configuring your WLAN, change the default SSID as soon as possible to a name that you can remember and is: not easily known (doesn’t contain personal information, such as your birthday); includes both numbers and letters; and uses the maximum length allowed.

5. Activate address filtering

Each piece of wireless gear possesses a unique identifier called a Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all wireless devices that connect to them. Many such products let you input the MAC addresses of your home equipment, which restricts your network to allow connections only from those devices. While this does not completely prevent hackers from attacking your home network, it is another helpful step toward safeguarding it.

6. Disable SSID broadcast

In wireless networking, the access point or router typically broadcasts the Service Set Identifier (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hot spots, where there are many different wireless users. For your home network, though, this feature is unnecessary and also makes your network more vulnerable to hackers—so turn off the SSID broadcast by logging in to your PC’s Network Administrator setting.

7. Assign static Internet Protocol addresses to devices

Potential attackers of your home network can easily obtain valid Internet Protocol (IP) addresses from your network’s Dynamic Host Configuration Protocol (DHCP). To remedy this, disable DHCP on the router or access point, set a fixed IP address range and then match each of your connected wireless devices to it. Use a private IP range (like 10.0.0.x) to prevent your PC(s) from being reached directly from the Internet.

8. Share and communicate with care

When passing on files to others, share only what’s necessary—send the file rather than the folder, the folder rather than the hard drive and so forth. And whenever possible, protect whatever you are sharing by requiring the recipient to use a password to open it.

9. Safely position your wireless devices

Wireless signals normally reach to the exterior of your home. But sometimes they go further, across your street and into your neighbors’ homes. To minimize this kind of “leakage,” try to position your wireless devices near the center of your home, rather than by its windows. In addition, keep your wireless devices away from telephones, microwaves and other appliances that may cause interference and compromise security.

10. Shut down your home network when you’re not using it for extended intervals

The best approach to safeguarding your home network is simply to shut it down when you’re not using it. While this may be impractical if you use your home network all day, turning it off when you’re away from home or offline for considerable periods of time will definitely protect your network from hackers.

11. WWAN security1

Built-in mobile broadband (WWAN) security is provided via encryption—so data sent and received is unreadable without the proper authentication “key.” More security is available via optional virtual private network (VPN) software, which is provided by employers to create a virtual point-to-point connection.

  1. 1 Broadband use requires separately purchased service contract. Check with service provider for coverage and availability in your area.