Subscribe to ProtectMyID Blog via RSS

Rss Posts

Rss Comments

Welcome to the ProtectMyID Blog

Lessons and stories from the front lines of fighting identity theft.


Protecting Home Wireless Networks

Oct 21

By Rex Davis, Operations Director, ITRC

Wireless networks have attained a de facto presence in home and small business environments during the past few years.  The ever increasing ability (digital phones, personal handheld devices, gaming consoles, etc.) to connect to the Internet via a wireless node has propelled the wireless network router to a place of common acceptance in the home.  The convenience brought to users by the wireless connection is often significant.  So too is the increased risk of hacking if the wireless network is not secured properly.  Below are some considerations to improve your security when operating a wireless network:

Wireless Setup:  Wireless routers are often supplied with default settings that allow a user to quickly create an operating wireless network.  Users need to become familiar with the router setup, and verify that the settings are applied for appropriate security, especially if the user did not do the initial installation setup.

Important Default Settings: The factory default user name and password for access to most routers is well known publicly, and can easily be found by doing a web search.  So is the default SSID. Resetting a router to the factory default settings is usually no more than depressing a back panel switch with a paper clip and rebooting the router.  Here are some points that should always be checked:

  • Always reset the administrator password (and the administrator user name, if possible).
  • Always reset the SSID to a new name. Disable remote management of the router, unless you really do need to change router settings from a remote location.
  • Ensure that the router firewall is enabled and that wireless encryption is enabled.  If at all possible, use one of the newer standards, such as WPA2, or WPA, which are much harder to decrypt/hack than the earlier WEP standard. 
  • See that a software firewall is running on each computer in your network, both those with wired and wireless access to the network.    

Additional Security Measures:  The measures above should be done in all wireless network installations.  Below are some actions that can be done if you have a more serious need for securing your wireless network:

  • Use a MAC address access list.  All wireless clients have a unique “MAC” address number, which is specific to that particular unit.  Many routers have the ability to restrict access to a list of known MAC addresses.  This restriction is not a “save all” method, since MAC addresses can be faked by some types of hacking software.
  • If possible, locate the router in a central part of the home or business.  A wireless router in a second story window will be accessible from several hundred yards away, or even further if a directional antenna is being used by the interloper.
  • Instead of letting the router assign IP addresses automatically to the intended clients (DHCP), set the router to accept a small range of static IP addresses.  Then configure each intended wireless client with a fixed (static) IP within the range you chose. 
  • Turn the router off when you will be away for an extended time.  Most routers will reboot in a minute or two.    

Choose a qualified supplier:  There are many companies that build or rebrand wireless routers.  ITRC believes it is worth your time to check online to see if the router model you are considering provides a thorough user manual.  You should be able to download a PDF user manual that is thorough in explaining the setup and operation of your intended purchaseUltimately, your network security will depend upon both the features available in your wireless router and clients, and the choice of appropriate settings to secure the network.

Defend your computers:  A secure wireless network will do little good if your client computers are open to viruses, malware, pop-ups, and other threats that can be imported through your firewall by ordinary web browsing and email.  Antivirus and personal firewalls must be enabled.  Operating system and antivirus programs must be updated automatically with patches and new virus definitions.  An infected computer can allow system takeover, keystroke logging, and other hacking from within your network.

Post a comment

Note: takes your privacy seriously. In order to post comments on this Blog Site you will be required to provide your name and email address for verification purposes only. This information will not be shared, sold or used for marketing purposes. Confidential, private or credit information should not be posted to this Blog Site at any time. Children under the age of 13 are not permitted to post comments to this Blog Site.