Categories
Security Software

Check Who Else is using your Wi-Fi & How to Secure it?

Suppose you pay good amount of money every month for a 100 Mbps connection, but you are not getting download and upload speeds as promised by your Internet service provider (ISP)! The reason behind your problem could be many, but what about people in your neighbourhood stealing your bandwidth because either you have a weak (easily guessable) password for your network OR your network don’t have a password at all!



Perhaps some of you will say: “It’s no big deal! Let the kids in my neighbourhood enjoy my internet connection, as I have got unlimited traffic (No Fair Usage Policy or Bandwidth cap)”. But what about someone tracking your internet activities, stealing your private information, sending threat emails to someone OR buying illegal products using your connection? Let’s check out in this post a free application for your computer running Windows, Linux or Macintosh OS, which alerts you whenever your Wi-Fi network is used by an unauthorised device.

Download Wi-Fi Guard from here and install it on your computer. Once the application has been successfully installed, it will ask you enter/select following details:

Under Basic settings:

basic settings

  • Network adapter: Select the name of your adapter from the drop-down menu, so that the the application can know which network it should scan? The list of adapters in the drop-down menu can be considered quite useful when you are using multiple Wi-Fi networks with your computer OR your computer have multiple network adapters. The application will also show you the current IP address allotted to your computer and IP subnet mask.
  • Scanning options: Select the maximum number of devices that you want to scan simultaneously using the application. You are also required to select after how many minutes the application should re-scan your network for unknown devices?
  • If you want to see the application’s icon in the notification area when you minimize it, then check the box in front of When minimized show in the notification area.
  • If you want the application to start automatically as soon as your operating system starts, then check the box in front of Start automatically with the operating system.
  • Check the box in front of Automatically check for new versions, if you want the application to check for its update automatically.

Under Advanced Settings:

advanced settings

  • Custom IP Range: Enter a range of custom IP addresses that you want to scan using this application.
  • Play sound on detection: Whenever the application detects an unknown device, it will play a sound on detection. You are required to select an audio file which you want to play on detection.

Under Email Settings:

email settings

If you want the application to send you an email whenever an unknown device is detected, then you are required to enter SMTP server address, recipient email address, username, password and type of connection (Regular, Secure to Regular port and Secure to dedicated port) to be used for an email account. Click on test button to test the connection and if the test is successful then click on OK button to save the changes.

Once everything is set, click on Scan now button and the application will start pinging other computers and devices. Once the scan process is complete, it will show you a list of all those devices which are currently alive (connected to/using your network):

scanning network

Known devices are shown with a green circle in front of their IP addresses, while unknown devices are shown with red circle in front of their IP. Whenever the application finds an unknown device using your network, it will notify you its allotted IP and MAC Address:

unknown devices

Within the user interface of the application, you will see the MAC address, vendor’s name and information about each and every device which is currently alive on your network. If you think that a particular device marked with a red circle belongs to you, then right click on it and select properties:

device properties

Now check the box in front of I know this computer or device and click on OK button. If you want you can also add your own comment or remark in the Your comment field for future reference. The device will instantly get added to the white list of the application and it will now be listed with a green circle:

whitelist device

What to do if you see unknown devices?

If the application show you a device which seems suspicious to you, then head over to http://www.macvendorlookup.com/ and try to find out the manufacturer OR company name of that device using the MAC address displayed by the application.

All you need to do is to enter a MAC address OR a list of MAC addresses and click on the Lookup button. The service will also tell you the location of the manufacturer on Google maps along with its registered address and registered range of MAC addresses:

lookup

Above details can also be obtained by entering your device’s Organizationally Unique Identifier (first 24 bits out of 48 bit MAC address) OR Individual Address Block (IAB). The service also allows you to lookup MAC addresses in batch by uploading a file containing a list of MAC addresses separated by a new line, a comma OR a space.

Off topic: The service also allows you to generate a random MAC address using this page. All you need to do is to select the quantity, separator style (none, colon, dash and Cisco) and Hex characters (UPPERCASE or lowercase), and click on Generate button.

As per the details provided by the lookup tool, if you are sure that a particular device is completely unknown to you, then follow these steps one by one:

1. Access your Wi-Fi Router’s Settings Page

If you want to change the behaviour and many aspects of your wireless network, then you should know how to access your router’s settings page? I am using Netgear’s N150 Wi-Fi router from past many years and I can easily access my router’s settings page any time by typing either 10.0.0.1 OR http://www.routerlogin.net in my web browser.

When I purchased my router the default username for its setting’s page was admin and the default password was password. This means whenever I try to access 10.0.0.1 OR http://www.routerlogin.net, my router will always ask me to enter a username and password.

If you are using a router manufactured by a different company like Cisco Linksys, Apple, D-Link, Belkin etc., then refer your router’s manual and you will find its default access IP for its settings page along with its default username and password. If you are unable to find these details in the manual, then they will be either printed on the packaging box OR you may want to search their knowledgebase on the internet.

Note: Generally the most common IP addresses for a Wi-Fi router are 192.168.1.1, 192.168.0.1192.168.1.2 etc.

2. Change the default Password of your Router

The default password for most Wi-Fi routers is password and you should immediately change it to something else for security purpose. Access your router’s settings page and go to the page where you can set a new password for it:

new password

Type your old password once and then type your new password twice. Click on apply button, and the password for your router will get instantly changed.

Note: Try not to forget your router’s new password, as otherwise you will have to reset it. Jot down the new password in a journal and keep it somewhere safe.

3. Change your Network’s Name/SSID

Go to your router’s Wireless Settings page and change the name of your network SSID (Service Set Identifier) to something else (or something scary like virus.exeFBI Surveillance Van etc.). Try not to use these very common network SSID:

wireless settings

If you also want to disable SSID broadcast for your router, then you can do so from this page. By doing so your router will stop broadcasting your network name publicly.

4. Opt for Encryption

Under wireless settings of your router you can select what type of encryption you want to use with your network? Select from WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access II) and enter a strong pass phrase for your network.

WPA2 is currently the latest encryption mechanism for wireless networks and if your router supports it, then you should go for it. But in case your router do not support WPA2, then you should go either for WPA or WEP. Keep in mind that WEP is the least secure protocol and must be avoided.

5. Use MAC Address Filtering/Setup Wireless Card Access List

If a Wi-Fi enabled device knows your network’s SSID and password, then your router will instantly allow it to access your network. This also means that if you are currently broadcasting your network SSID and someone manages to guess its password, then he will be able to use your connection without any restrictions.

To increase security, you can restrict access to your network by allowing only specific devices based on their MAC addresses. Go to your router’s settings page and look for MAC address filtering OR Wireless card access list and turn ON the Access control feature:

access control

Click on Add button and the immediate next page will ask you to enter the name as well as MAC address of a Wi-Fi enabled device:

access list

Once you have precisely added above details, click on Add button and your new device will get instantly added to your wireless card’s access list. Any device outside this list will not be able to access your network, even if it knows your network’s password.

How to Find MAC Address?

MAC address stands from Media Access Control Address and if you don’t know how to find it your computer or mobile device, then follow these steps:

Android OS

If you are using an Android powered smartphone or tablet device, then its MAC address can be found in your device’s settings. Check out this post for full details.

Macintosh

If you are using Mac OS X, then check out this article to known the MAC Address of your computer.

iOS

If you are using an Apple device viz. iPhone, iPad or iPod touch, then you can find the MAC address of your device by going to its Settings >> General >> Tap on About >> Scroll down to the very bottom of the page and look for Wi-Fi address:

mac address ios

Note: You can also find your device’s Bluetooth MAC address just below the Wi-Fi address.

Windows OS

If you are using Windows XP, Vista, 7 and 8 (including 8.1), then you can find your computer’s MAC address by opening command prompt (CMD) and typing ipconfig /all:

Your computer’s MAC address will be the string written in front of Physical address either under Ethernet adapter local area connection OR Wireless LAN adapter Wireless Network Connection:

mac address windows

Note: You should carefully check the name of your computer’s network adapter, as it may have multiple adapters installed. Another way to know your computer’s MAC address using CMD is by typing getmac /v /fo list:

getmac

Linux OS

If you are using Linux operating system , then follow these steps in order to find the MAC address of your computer:

  • Login to your system using a root user and open terminal.
  • Now type ifconfig -a and press Enter.
  • You should see your computer’s physical address written in front of Link encap:Ethernet HWaddr under eth0 (wlan0 or wifi0).

Note: If there are multiple adapters installed on your computer, then you may see the physical address in front of eth1 or eth2 etc.