Some tips from our experts on how to secure your wifi network
The WiFi network makes our "physical layer" of connection accessible to everyone. Unlike cable, it is not necessary to break through the walls of our home or business to access it and it is even possible to do so remotely through special antennas or by setting up in an adjoining building.
Change the default SSID
The SSID is the name of our WiFi (the one that appears in the list of networks in range). Normally, the telephone operator provides our system with an SSID, but for security reasons it is preferable to change it to an internal one that is not easy to guess.
Change the default password
- We will never use the default password that comes with our router.
- We will change it for another one that is difficult to guess.
- We will change passwords periodically.
- We will change passwords whenever an employee leaves the company, a conflict has arisen or we suspect that security may have been compromised for any reason.
Do not share passwords
... It is obvious, but poor management of keys and passwords is one of the first weak points in all security systems.
Hide SSID
In most WiFi access points it is possible to disable the broadcasting of our SSID. In this way, our network will remain somewhat more hidden and we will make it more difficult to attack it.
Use a secure encryption system
If it is not absolutely unavoidable, WEP encryption should not be used, if not at least WPA or WPA2.
Set the WiFi radio range to the minimum necessary.
Many WiFi access points allow varying the range of the radio emission, limiting the WiFi range to our private spaces can be the best security measure:
- Place (if possible) the access point in the central part of our home or company: we will favor a good internal coverage and avoid (if possible) that the signal goes outside, opening the door to intruders.
- Set the transmitting power of the access point to the minimum necessary to cover the spaces in which we want to have LAN. Many access points allow this power to be regulated in several levels. The choice of antennas, which are just enough to cover our spaces, is also crucial.
Disable DHCP protocol
This is the protocol for automatic IP assignment in the network. If we want to have an additional level of security, we can disable it:
- Only the IP's of known devices are assigned.
- Have control over the assigned IP's.
- If the router allows it, you can even set the IP's assigned to the MAC addresses of the devices.
Blocking MAC addresses in our access point
All systems that connect to the network have a fixed address known as the "MAC address". Although it can be somewhat inconvenient:
- It is possible in most wifi transmitters to filter these addresses so that we only allow access to devices known to us.
- The MAC addresses that have accessed our router are often available, so even if we do not have filtering enabled, we can detect attacks via this route.
Open only those ports that are necessary
Default:
- We will only open the ports that are necessary.
- (Additionally) we can not use the default ports for each task.
Keep the firmware of the access point up to date.
The vulnerabilities of each access point are periodically published in hacking forums and therefore, it is up to us to keep it updated or change it if we have strong suspicions that it may be easily attackable.
Disconnect the access point when not in use.
We are sure to be protected, and we will also save electricity.