How to secure your home or business Wi-Fi
- GeorgeCM
....Wi-Fi signals broadcast beyond the walls of buildings out into the streets, which is an enticing invitation for hackers and cybercriminals.
So, here are seven tips to help you make your wireless network more secure.
1. Use stronger encryption
Some Wi-Fi access points still offer the older WEP (Wired Equivalent Privacy) standard of protection, but it is fundamentally broken.
That means that hackers can break in to a WEP-protected network in a matter of minutes. Therefore, it's essential to use some variant of WPA (Wi-Fi Protected Access) protection, either WPA or the newer WPA2 standard (or WPA3 when it lands).
2. Use a secure WPA password
Make sure that any password (or passphrase) that protects your Wi-Fi network is long and random so it can't be cracked by a determined hacker. Changing both access name and password will make it more difficult for a criminal to gain access.
Bear in mind that even WPA2 security standard is unlikely to resist a well organised and stubborn hacker or hacking group thanks to the KRACK Wi-Fi flaw that was discovered in October 2017.
3. Provide a separate network for guests
If you want to allows visitors to use your Wi-Fi, it's sensible to offer a guest network. This means that they can connect to the internet
without getting access to your company's or family's internal network. This is important both for security reasons, and also to prevent them inadvertently infecting your network with viruses or other malware.
One way to do this is by using a separate internet connection with its own wireless access point. In fact this is rarely necessary as most business grade (and a lot of newer consumer) wireless routers have the capability of running two Wi-Fi networks at once - your main network, and another for guests (often with the SSID "Guest".)
It makes sense to turn on WPA protection on your guest network - rather than leave it open - for two important reasons. The first is to provide some level of control over who uses it: you can provide the password to guests on request, and as long as you change it frequently you can prevent the number of people who know the password growing too large.
But more importantly, this protects your guests from other people on the guest network who may try to snoop on their traffic.
That's because even though they are using the same WPA password to access the network, each user's data is encrypted with a different "session key," which keeps it safe from other guests.
4. Hide your network name
Wi-Fi access points are usually configured by default to broadcast the name of your wireless network - known as the service set identifier, or SSID - to make it easy to find and connect to. But the SSID can be also be set to "hidden" so that you have to know the name of the network before you can connect to it.
Given that employees should know the name of your company Wi-Fi network (and the same goes for family members and friends in a households), it makes no sense to broadcast it so that anyone else who happens to be passing by can easily find it too.
It's important to note that hiding your SSID should never be the only measure you take to secure your Wi-Fi network, because hackers using Wi-Fi scanning tools like airodump-ng can still detect your network and its SSID even when it is set to "hidden."
But security is all about providing multiple layers of protection, and by hiding your SSID you may avoid attracting the attention of opportunistic hackers, so it is a simple measure that is worth taking.
5. Use a firewall
Hardware firewalls provide the first line of defence against attacks coming from outside of the network, and most routers have firewalls built into them, which check data coming into and going out and block any suspicious activity. The devices are usually set with reasonable defaults that ensure they do a decent job.
Most firewalls use packet filtering, which looks at the header of a packet to figure out its source and destination addresses.
This information is compared to a set of predefined and/or user-created rules that govern whether the packet is legitimate or not,
and thus whether it's to be allowed in or discarded.
6. Enable MAC authentication for your users
You can limit who accesses your wireless network even further by only allowing certain devices to connect to it and barring the rest. Each wireless device will have a unique serial number known as a MAC address, and MAC authentication only allows access to the network from a set of addresses defined by the administrator.
This prevents unauthorised devices from accessing network resources and acts as an additional obstacle for hackers who might want to penetrate your network
7. Use a VPN
A VPN or virtual private network will help you stay safe and secure online while above all keeping your private stuff private.
They keep your data hidden from prying eyes one end to the other by encrypting it.
In theory, hackers could penetrate your network and they'd still not be able to do any harm to your system assuming that a VPN is running permanently.
