Wireless Security: tips on protecting your router/modem
Just as you safeguard your possessions by locking the doors and windows to your office, you need to protect your wireless network from hackers. MWEB, South Africa's leading Internet Service Provider, understands the threat to your company's bandwidth, and has therefore provided the following easy guidelines on how to improve your network security.
While these tips may not prevent a skilled hacker from accessing your network, they will help keep malicious users and eavesdroppers at bay. The top ten tips to improve your online security are:
- Locate your access points away from windows
When conducting a site survey for where to position the access point of your network, think about locating it towards the centre of your building rather than near the windows. This will make it easier to ensure that your coverage extends to your windows but not beyond. If the access points are located near windows, a stronger signal will be broadcast outside your building, making it easier for people to access your network.
- Reduce your network transmitter power
This feature is not available on all wireless routers and access points, but some allow you to lower the power of your network transmitter and thus reduce the range of the signal. Although it's usually impossible to fine-tune a signal so accurately that it won't leak outside your business, with some trial and error you can often limit how far the signal extends. This minimises the opportunity for outsiders to access your wireless network.
- Enable firewalls on each computer and the router
Most modern routers have built-in firewalls. You should ensure that all routers' firewalls are turned on, and also consider using personal firewall software on each computer connected to the router.
- Turn off the network during extended periods of non-use
Shutting down your network will certainly prevent outside hackers from breaking in. Although it is impractical to turn your devices on and off every time you want to use them, it is advisable to consider doing so, especially during travel or extended periods offline.
- Change the administrator passwords
To set up a router, manufacturers provide web-page interfaces. To access these web pages, you need to log in with a username and password. The default login details provided by router manufacturers are simple and well-known to hackers on the Internet. You should therefore change your router login details immediately after purchase and keep these details secret.
- Set up your router to use encryption
Most Wi-Fi equipment should support encryption, but your Wi-Fi router may not have this activated by default. Encryption is essential for maintaining privacy as it scrambles digital information, making sure it is only available to those for whom it was intended. You will need to make sure that all of your Wi-Fi devices share identical encryption settings.
- Change the default SSID
Wi-Fi access points come with a default name that is broadcast to any Wi-Fi device within range - this is called a "Service Set Identifier" (SSID). Hackers are quite adept at figuring out the manufacturer defaults and so it is advisable to change this to something unique.
- Disable SSID Broadcast
Turn off the feature on your router that broadcasts your router's SSID. If you already know your SSID, you can manually set your other Wi-Fi device(s) to connect to it. In any case, broadcasting your router's SSID is an open invitation to hackers (or your neighbours) to break into your system or use your bandwidth. Check the manual for your Wi-Fi hardware to find out how to disable SSID broadcasting.
- Enable MAC address filtering
Every piece of Wi-Fi equipment has a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that are connected to them. Many products like this offer the owner an option to key in the MAC addresses of their office equipment and then to permit Wi-Fi access only to those devices. Please note that this feature is not as powerful as it may seem, because hackers can fake MAC addresses.
- Do not auto-connect to open Wi-Fi networks
Connecting to an open Wi-Fi network could expose your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you. This setting should only be enabled temporarily.
Although no method is 100% secure, these steps will help secure your wireless network against people looking to steal your company or personal information and/or your Internet bandwidth.
For more information about your connectivity options, visit http://www.mweb.co.za/ or call 08600 32000.