How to increase the security of the WiFi router
Surely it has ever happened to you that you have explored nearby Wi-Fi networks with your laptop or Smartphone and have seen nearby open networks that allow you to connect freely. Sometimes this happens because the owner of a nearby router did not know how to configure the WiFi network properly.
Having a wireless network open to everyone poses a great risk to security, since it can allow anyone who is near the router (for example, a neighbor or any hacker) to freely access your network. To make the Wi-Fi network in your home safer, I was able to follow the following easy-to-configure tips.
Next we will explain simple tricks and tips that can be put into practice by accessing the router’s configuration. First you have to connect the router by cable to a computer from a LAN port to the network card of the computer. It can also be accessed via WiFi if it is the only mode available.
Almost all the routers work in a similar way. If yours is different than what is described below, then consult the specific router manual. As an example we are going to take the WiFi router easier to configure and cheap available in 2017 which is the Tenda N301 router
|Tenda Router N301Router easy to econfigurate and cheap
24,30 EUR – Free Shipping
- How to configure WiFi security for a router and prevent access to hackers and all unauthorized neighbors.
- Why do I need to change the WiFi network name SSID?
- What is the purpose of hiding the SSID name of the WiFi router?
- How to enable WiFi router firewall
- Enable MAC filtering of WiFi devices
- Disable WPS access to the WiFi router
Wireless security is a section of the router’s configuration. If a password or password is never requested when you connect to your home WiFi network, it is an unsecured network. In other words, if someone is close enough to your router, they could freely connect to your network for any purpose. To enable router security, you must enter the router configuration web page and look for a wireless security section.
In this section of the router you can choose the wireless security type WEP, WPA or WPA2. The type of WEP encryption is the oldest and least secure, therefore we always recommend configuring WPA2 security. “Passphrase” is the password we can choose for our router. Remember that more than 8 characters are recommended with figures, letters and symbols. After activating the security in the router, any wireless device that wishes to connect to the router must have the password or “passphrase” to connect to its network. To choose the perfect password for a WiFi router see this other article >>.
It is very important to make sure that the password of the router does not use the default password. If the default password is used, it can be easily guessed by any hacker that you can even change the router settings.
All modern routers are compatible with previous security systems such as the WPE. There are users that to connect a game console, or some old device, need to continue using WEP security, which in any case is always better than leaving the router open.
Why do I need to change the WiFi network name SSID?
The SSID is the name that identifies your WiFi router. By default, many routers will use the name of the router brand or the provider company as the default SSID. For example, Thomson routers will use THOM_XX or Vodafone routers use VodafoneXXXX as SSID. The use of a default SSID is the biggest security risk today as it identifies the brand of the router and allows any attacker to immediately know what tools to use to attack it. When we change the name to the SSID by a completely neutral type of “ourWIFI” we are automatically hiding the brand of the router and we have made it much more difficult for hackers. Of course, you do not have to put your own names, surnames or identification of people in the name of SSID because it will be public and we will give clues about who owns the network to everyone who is nearby.
Another way to increase security and give more performance to the WiFi network is to limit the maximum number of WiFi clients. Each Wi-Fi user or client connected to the network increases traffic and can lower the connection speed for other clients who need to work properly. That is why it is important to limit the maximum number of customers in a public network. For example, if we have a bar and we want to give WiFi access to customers, it is a good idea to limit the maximum number of WiFi clients to the average number of regular customers at the bar, for example at a maximum of 16. In this way we avoid that the neighbors connect at all hours and make the speed of the network fall.
ANTENNA PANEL MELON 36DBI N4000
What is the purpose of hiding the SSID name of the WiFi router?
To make it more difficult for neighbors to find your network to connect to for free you can disable the SSID broadcast feature. This configuration makes the name of the network public and visible. When the broadcast of SSID is disabled, if you place yourself with a mobile phone near the router you will not see the network name, but this does not prevent you from connecting, because if you know the name of the network, for example “ourWIFI” you can type it manually and connect without problems.
Disabling the broadcast SSID (SSID broadcast) significantly increases the WiFi security of the router. Most broadband routers wireless access points (APs) automatically transmit the network name (SSID).
Before deactivating this function we will see the aspects to favor and against.
The SSID broadcast is used to make it easy for customers to see and connect to the network. Otherwise, they have to know the exact name, and establish a manual connection by writing it on the device. By hiding it you get that any person nearby can not find the network or try to connect to it. However, a skilled hacker with enough time can track the traffic that leaves your network when someone is connected, find out the SSID and finally continue the attack.
The disabling of the SSID broadcast is done from the WiFi security page of the router. This function is probably called “Broadcast SSID” or “SSID broadcast” and is usually set to enabled by default.
To connect to a network with a hidden SSID whose network name is not shown to the wireless devices, each user has to manually configure the profile settings, including the network name and security mode. After making the initial connection, the devices can remember these settings and will not need to be reconfigured.
For example, an Android Smartphone can connect to a hidden network through the WiFI configuration: “Add network”.
One of the disadvantages is precisely the effort required to manually enter SSID into new client devices which is a nuisance for everyday use. Instead of simply giving your network password, you have to inform all users of the SSID and security mode.
How to enable WiFi router firewall
Most routers have a firewall that can be easily enabled to prevent any kind of attack. If it is available, it is advisable to activate this function, since it adds an additional layer of security to your network. A firewall can be a useful defense against hackers, it is also likely that you already have one installed on the router and did not even realize it.
A firewall is the digital equivalent of a gatekeeper that controls all doors and establishes network traffic limits. It can be used to prevent traffic from entering or leaving the boundaries of your network. The WiFi router firewall is usually a hardware-based firewall. They basically protect ports and prevent attacks through the internet. Firewalls can also prevent an infected computer within your network from attacking other computers by preventing malicious traffic from leaving your network.
To see if your router already has a built-in firewall, look for a configuration page called “Security” or “Firewall.” This indicates that your router has a factory built-in firewall.
Once the firewall is enabled, you can configure it to add firewall rules and access control lists to meet your connectivity and security needs.
Enable MAC filtering of WiFi devices
The MAC WiFi filter function serves only to allow a wireless device to connect to the router if the MAC address has been entered in the wireless MAC filter list. Making MAC filtering can make it difficult to connect new devices to your network, but it greatly improves the overall security of your WiFi network.
The quick and easy way to configure the MAC filter is to connect any wireless device you want in your network to your router before enabling the wireless MAC filter. After each device has successfully connected, access the router settings and open the DHCP client table, which is often found in the local network status section. Each device that has been connected to the router will have associated the MAC that characterizes it, then it can be copied and then pasted into the wireless MAC filter section of the WiFi router security.
Once MAC filtering is enabled, there are two ways to block access that is not allowed. One is creating a “whitelist” of MAC authorized to connect. In this way, no MAC that is not in the list can connect. And the other way is by creating an unauthorized “blacklist” of MAC. This system is very useful if we want a neighbor who connected in the past can no longer connect via WiFi.
MAC filtering is undoubtedly one of the safest systems to completely close our WiFi network to any neighbor who wants to connect for free. Bearing in mind that the MAC is a unique identification number of each WiFi device that is determined from the factory, that is to say it works as a DNI or fingerprint of each antenna WiFi, Tablet, mobile etc.
If, for example, in our house we are only going to connect with a laptop and a Tablet via WiFi, if we set the filter by MAC for these two devices we will make no other different device can connect to the router while this filter is still activated. If we need to add devices in the future we can add the MAC one by one or disable this function.
Disable WPS access to the WiFi router
To give even more security to the WiFi router it is recommended to deactivate the WPS system. The WPS system is based on an exchange of 8-digit PIN, the new WiFi device that wants to connect to the network must transmit a numerical code to the router and in return the latter sends the encrypted password to connect.
The problem with this connection method is that the hacker can easily find out the Pin that normally only has 8 numbers. Truly disabling the WPS function will prevent the access attempt of any nearby hacker.
|WiFi repeater router with USBRouter OpenWRT SILICEO
46 EUR – Free Shipping