A BLOG ABOUT CYBER SECURITY

Wombat Security is a leader in security awareness and training. Our blog covers the latest cyber security news, insights, and best practices. We arm infosec professionals with the knowledge and tools they need to improve end-user behaviors and reduce organizational risk.

Three Simple Steps for Securing Your Home WiFi Network

Posted by Gretel Egan on Nov 10, 2016 4:49:23 PM

Topics: Cyber Threats, Mobile/BYOD, Risk Management, Keys to Success, All Posts

You may have heard (or read) of the dangers of connecting to free, open-access WiFi networks. But did you know that your home network can also be hazardous to your personal data? If you have not taken the proper security precautions, your home WiFi is likely to be just as vulnerable as the open wireless network at your corner coffee shop. Without the proper defenses, your network could be accessible to anyone with even a modest set of cyber snooping skills.

I spoke with our CTO Trevor Hawthorn about this issue, and he advised me about the three most important security safeguards for standard home WiFi networks. “These protections,” he said, “should solve 99.99% of issues for 99.99% of users.”*

Take a read through the following tips and commit to taking these steps to make your network more secure. Though the idea of updating default passwords and changing WiFi settings might sound too technical for you to handle, it’s much easier than you might imagine. If you’ve ever programmed a DVR (or, for us dinosaurs, a VCR), you can do this as well.

1. Change Your Router’s Default Administrator Password and Disable Remote Administration

The “admin” password on your router is totally different from the password that you use to log into your WiFi network. Where your WiFi password will allow you to connect to the internet using your router, your router password gives you access to the actual configuration settings of the WiFi network itself.

The problem with leaving your router configured with its default password is that everyone from amateur teenage hackers to sophisticated cybercriminals can find that password somewhere online and use it to get into your network. Changing default passwords helps to reduce cybersecurity risks.

Here’s how to change your default password:

  1. Find the label on your router that lists the default IP address, administrator user name, and administrator password.
  2. Open a new Web browser window (in your browser of choice).
  3. Enter the default IP address — it will look something like 123.456.7.8 — in the web address bar.
  4. Enter the default user name and password on the login screen.
  5. Navigate to the Administration area and change the admin password. Longer is better, and special characters are a plus. A passphrase that means something to you but would be difficult for others to guess is a great option (e.g., PhilKesselForPresident2016!).

The next thing to do while you’re in this screen is to disable remote administration. When remote administration is enabled, it’s possible to connect to your router from outside your home; leaving that on when not specifically necessary makes your network vulnerable to attack.

To turn off the feature, look for a box or button that is labeled with something like “Enable Remote Administration” or “Disable Remote Administration.” Check or uncheck the feature as appropriate to ensure that remote administration is not on.

Note: If you can’t find the admin password within the interface, do a quick search for “change <Router Brand> <Model Number> password” and you should quickly find the directions.

2. Update Your Router’s Firmware

While you’re in the Administration screen, take the opportunity to upgrade your router’s firmware. As is the case with other electronic devices, router manufacturers often discover bugs and other issues that need to be addressed after products have already been shipped and installed. Updating the firmware on your router is akin to updating the operating system on your smartphone or tablet, and this step can help eliminate known cybersecurity vulnerabilities and improve performance.

To complete the update, look for and click a “Firmware Update,” “Router Update,” or similar button in the administrator window. As noted in the first tip, if you can’t find what you’re after, an online search can help you identify where to go within the interface to complete the update.

3. Configure Your WiFi Security Settings

There are three key settings to check (and, if necessary, change) with regard to your WiFi network configuration: your SSID (i.e., the name of your wireless network), your encryption method, and your WiFi password. Here’s how to do it:

  1. Look for a tab named “Wireless Setup” or similar. (Again, a quick online search can help you identify the exact location for your specific router if you're unsure.)
  2. Set your wireless encryption to WPA2 — a must, as other WiFi encryption protocols are much more vulnerable. If there are multiple WPA2 options, choose either WPA2-PSK, WPA2-PSK (AES), or WPA2-Personal (all three are essentially the same and offer the best option for at-home use).
  3. Establish your wireless passphrase. As with your new admin password, opt for a longer passphrase that has personal meaning and at least some degree of complexity (special characters, numbers, etc.). DO NOT reuse your admin password.
  4. Change the default SSID to the name of your choice (something like “FBI Surveillance 1” is likely to keep your neighbors guessing). If you keep the default SSID, you will likely broadcast the brand and type of router you are using, and these are pieces of information that a cyber snoop can use against you.

On a related note, if you are particularly worried about an outsider "piggybacking" on your Internet access, you can choose to disable SSID broadcasting. (Unauthorized wireless use tends to be a greater concern in more populated residential areas like apartment complexes and multi-tenant buildings.)

When SSID broadcasting is turned off, your WiFi network name will not be visible to devices when they scan for available wireless networks in your area. The downside of this is that your SSID will not show up in your scans either, which means you will have to manually enter your network into your devices when you try to connect. However, the benefit to disabling broadcasting is that it becomes much more difficult for outsiders to connect to your network because they would have to guess both your SSID and your password to gain access.

To turn off this feature, look for “SSID Broadcast” (or similar) in the wireless setup area. Check (or uncheck) the box or button as appropriate to disable broadcasting.
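
One way to double-check step 3 from a Linux laptop, as an added example that is not part of the original article: the script reads network names and security modes in the terse SSID:SECURITY form printed by `nmcli -t -f SSID,SECURITY device wifi list` and flags a network that is open, uses something older than WPA2, or still carries a vendor default name. The sample scan and the short list of default-name prefixes are constructed for illustration.

```python
import re

# Constructed sample in the terse "SSID:SECURITY" format printed by
# `nmcli -t -f SSID,SECURITY device wifi list` (not a real capture).
SAMPLE_SCAN = r"""NETGEAR47:WPA2
FBI Surveillance 1:WPA2
linksys:
OldPrinterNet:WEP
Cafe\:Guest:WPA1 WPA2
"""

# Assumption: a short, non-exhaustive list of vendor default SSID prefixes.
DEFAULT_SSID = re.compile(r"^(netgear|linksys|dlink|tp-link|belkin)", re.IGNORECASE)
ACCEPTED = {"WPA2", "WPA3"}  # WPA3 is the successor to WPA2
LEGACY = {"WEP", "WPA1"}


def parse_line(line):
    """Split on the last ':' (the field separator) and undo nmcli's backslash escaping."""
    raw_ssid, _, security = line.rpartition(":")
    ssid = re.sub(r"\\(.)", r"\1", raw_ssid)
    return ssid, [tok for tok in security.split() if tok != "--"]


def check_network(ssid, protocols):
    """Return the findings for one network, following the three settings in step 3."""
    findings = []
    if DEFAULT_SSID.match(ssid):
        findings.append("default-looking SSID reveals router brand")
    legacy = sorted(LEGACY.intersection(protocols))
    if not protocols:
        findings.append("open network, no encryption")
    elif not ACCEPTED.intersection(protocols):
        findings.append("weak encryption: " + "/".join(protocols))
    elif legacy:
        findings.append("legacy protocol still enabled: " + "/".join(legacy))
    return findings


def audit(scan_text):
    """Map each SSID in the scan output to its list of findings."""
    lines = filter(None, scan_text.splitlines())
    return {ssid: check_network(ssid, protos) for ssid, protos in map(parse_line, lines)}


if __name__ == "__main__":
    for ssid, findings in audit(SAMPLE_SCAN).items():
        print(f"{ssid!r}: {'; '.join(findings) or 'ok'}")
```

An empty findings list for your own network name means all three settings from step 3 check out.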

* Like most networks, WiFi systems can include different types of equipment and different configurations. For the purposes of this article, we assumed a relatively common residential network setup featuring a single wireless router with a built-in access point.
