I am writing this post from New Delhi and here almost every household is using a wireless network for internet access. To my surprise. many of these households are using the same username and password for their wireless network which was initially provided to them by their Internet Service Provider.
The username and password of a particular network is quite easy to guess, as here there are many local ISPs who provide their customers with a username which is their house number and a password which is either the mobile number of the customer or a simple alphanumeric string like 123456, abc123 etc.
If you have recently obtained a new wireless router/connection or would like to tighten the security of your existing wireless connection, then lets check out in this post some very basic but useful wireless network security tips.
Note: I have a Netgear wireless router and in this post I will be using screenshots of various settings for my router only. If you have a router of some other manufacturer like Cisco, Linksys (Belkin), D-Link, Huawei, Thomson Speedtouch, TP-Link etc. then you are required to refer its manual.
Why you should tighten the Security of your wireless network?
If someone gains unauthorized access to your wireless network, then one of the following things may happen:
- The person will start using your allotted bandwidth as he will be downloading/streaming content from the web without any restriction.
- You will get less download/upload speeds on all your devices.
- You may get notices from your ISP, if illegal content is being downloaded using your network.
- Police may knock on your door, if your network is being utilized for illegal purposes like for sending threatening emails/instant messages etc.
How to Log in to your Wi-Fi Router?
In order to access the settings page of Netgear wireless router, one is required to enter either 10.0.0.1 or routerlogin.net in his web browser:
The browser will now ask the user to enter the username and password for his router’s settings page. The default username and password for most routers are admin and password respectively, unless you or someone else have changed it.
1. Different manufacturers may have different IP address/username/password for their router’s settings page. If you are using a router manufactured by some other company, then check the manual provided with it (or search for its manual/login IP address/username/password using Google).
For example the general login IP address for Linksys wireless router is 192.168.1.1, while its username is blank (you have to leave this field empty) and the password is admin.
2. If you enter wrong username and password for your router’s settings page, then you may see something like following 401 unauthorized error (Access to this resource is denied, your client has not supplied the correct authentication) in your browser:
If you have changed the default username/password of your router and have also forgot the new credentials completely, then you will have to hard reset your router manually and re-configure your internet connection settings. You can also call your ISP and take help from them.
Once you are successfully logged in, we are now ready to tighten the security of your wireless network. Follow these steps one by one:
1. Change the Default Password of your Router
As stated earlier, the default password for most wireless router is password and you should change it to something strong, but easy to remember. Try not to forget your new password, as otherwise you will have to hard reset your router manually, which will result in loss of almost all settings (unless you have already created a backup of your settings). Follow these steps in order to change your router’s default password:
1. On your router’s settings page look for Change/Set Password in the header or in the sidebar. Click on it:
2. The next page will ask you to enter your old password and new password twice:
3. Once you have entered the old and new passwords, click on Apply button and wait for the changes to take place in the router.
2. Change the Default SSID of your Router
SSID stands for Service Set Identifier in wireless networking or in simple terms it’s the name of your wireless network. When I bought my Netgear router it came with a default SSID which was something like Netgear1234. In almost all new routers the default SSID is set as the name of the manufacturer (free advertising!).
If you are using default SSID for your wireless network, then you should immediately change it to something else in order to protect yourself from possible network attacks. Follow these steps in order to change your network’s SSID:
1. Go to Wireless Settings page in your Router and look for a field which says SSID or Network Name:
2. Remove the default network SSID from the field and enter anything of your choice like your pet’s name, name of your favourite car or bike etc. – Try not to enter any sensitive or personal information like your mobile number, social security number, house/street number etc. in this field.
3. Click on Apply button and wait for the changes to take place in your router.
Note: After you have changed your network’s SSID, you are required to connect all your wireless enabled devices with the network once again.
3. Go for WPA/WPA2 Encryption
Nowadays almost all Wi-Fi router comes with encryption technology which scrambles all data packets that are being sent over a wireless network, so that unauthorized people can’t decipher them. In my router I can see following Security Options under Wireless Settings Page:
- None – No Encryption.
- WEP – Wired Equivalent Privacy, uses WEP 64- or 128-bit data encryption.
- WPA-PSK [TKIP] – Wi-Fi Protected Access with Pre-Shared Key, uses WPA-PSK standard encryption with TKIP encryption type.
- WPA2-PSK [AES] – Wi-Fi Protected Access version 2 with Pre-Shared Key, uses WPA2-PSK standard encryption with the AES encryption type.
- WPA-PSK [TKIP] + WPA2-PSK [AES] – Allow clients to use either WPA-PSK [TKIP] or WPA2-PSK [AES].
If you also see similar options in your router’s settings page, then I will highly suggest you to go for WPA2-PSK or at least WPA-PSK. Once you have selected your preferred encryption option, click on Apply button and wait for the changes to take place.
Note: It’s natural that everyone will opt for strongest encryption for their wireless network. However keep in mind that all wireless enabled devices in your network should also share the same encryption settings, otherwise they may not function properly. You are required to opt for a encryption setting that works with all devices without any problem.
4. Enable MAC Address Filtering
MAC Address stands for Media Access Control Address and MAC Address Filtering feature (present in almost all modern wireless routers) allows you to connect only specific devices with your network. This means that if you have authorized 5 devices to access your network using MAC Address Filtering feature, then no other additional device will be able to access your network unless you manually authorize it again from your router’s settings page.
It is highly recommended that you should enable this feature for your network. Follow these steps in order to do so:
1. Under Advanced Wireless Settings in your Router you may see a button which says Set Up Access List:
2. Click on this button and check the box in front of Turn Access Control ON, so that your router can restrict the connection from various wireless devices based on their MAC addresses.
3. Click on Apply button and wait for the changes to take place.
4. We are now ready to set up a list of authorized wireless devices for your network. For this click on Add button to go to the Access Setup page, where you will be able to see a list of all currently active wireless cards and their Ethernet MAC addresses.
If a wireless device that you want to authorize is already present in the list, then you need to click on the radio button present in front of its name in order to capture its MAC address. Otherwise you have to manually enter the Name and MAC address of a wireless device:
Note: You are required to manually find the MAC Address of your computer, mobile devices, gaming consoles (PS3, PS4, Xbox etc.) etc. You may want to refer to this post in order to know how to find the MAC Address of Android, iOS, Mac and Windows based devices?
5. Once you have added all the devices that you want to authorize with your network, click on Apply button once again and wait for the changes to take place in your router.
5. Turn OFF your Router when you are not using it!
If you are not going to use your wireless network for extended period of time, then you may want to Turn it OFF completely. This will not only save your electricity bill, but will also prevent your network from possible attacks/unauthorized access attempts.
1. You should also install a firewall on all your computers for enhanced security against different types of network attacks. If you are looking for a free and standalone firewall software, then I will highly suggest you to get ZoneAlarm.
However keep in mind that you will have to configure certain rules/application access control for your firewall. After installing a firewall, if a particular program suddenly stops working or show weird behaviour, then you are required to white list that program in the Firewall.
Also if you are not using any anti-virus software on your machine, then you should also get a free anti-virus software like Avira, which works great with ZoneAlarm.
And if you can invest some money in a security suite (firewall + malware scanner + more features like parental control, email scanning etc.), then you should go with either Kaspersky Internet Security or BitDefender Internet Security.
2. You can also purchase a router from the market which have an in-built firewall (hardware firewall). However keep in mind that these type of routers are quite costly.
3. There are some websites on the internet which are suggesting everyone to Disable SSID (Network Name) Broadcast as a security measure. I will not suggest you to use this option as many wireless devices, especially mobile devices, won’t be able to connect with your router if you enable this feature.
4. Instead of using a real wireless router, if you are using Connectify or some other similar application to create a virtual HotSpot using your laptop’s internet adapter, then you should not only opt for a strong password for your HotSpot, but you should also select Access Point, WPA2-PSK under security mode.