NCC Blog Post 2

How to secure your Wi-Fi network

Ideally, your wireless router will do its job perfectly 24 hours per day, seven days a week, offering your Internet-based

devices full connectivity and keeping the bad guys at bay.

That's only the ideal scenario, though. Hackers or freeloaders could sit in a car outside your home, and get access to your

data as you read this article!

So, what can you do to prevent these things from happening? Well, read this article carefully, and then apply all the things

you're going to learn from it right away. By doing this, you will be ahead of most people when it comes to Wi-Fi network

security - it's a promise!

Everything begins with your router. It can be a strong device, which is able to fight villains successfully, or the weakest link,

which facilitates their break-in into your systems.

Start by limiting the Wi-Fi broadcast power. This won't necessarily stop people from trying to connect to your network, but it

will make their job harder. The good news is that there are many rp-sma adapters and cables that can be used to extend the

router range in a particular area, if you need that.

If your router has this Wi-Fi power control feature, you will only have to flip a tiny switch that's usually located on the back

panel. That's pretty much all you can do without logging into the router.

OK, so now it's time to log into your router and change the admin user name and password. I know, you may have changed

them a few months ago, but trust me: you need to do it again.

If your router doesn't allow you to change the admin user name, dump it. Yes, get rid of it right away! Hackers have an

extensive list of default user names and passwords for each router model, and you don't want to make their lives easier by

getting half of their work done - that is, providing the correct user name.

Then, it's time to choose a real password. No, jimmy36wins doesn't qualify as a strong password, because hackers also have

huge dictionaries of words, and they have learned to use them properly. In fact, a password like that could be easily broken

within minutes!

How does a strong password look like, then? Here's the method we are using at NCC to generate completely random, highly

effective passwords.

We start pushing the keyboard keys randomly with our left thumbs, while holding down the shift key (using the right thumb)

every now and then. Here's how a potential router password set by us may look like:

R4@6Cg<[}*-JKj>/Sx#%4*Y^S7J9sH

Yes, I know it's an ugly password. But this is exactly what makes it perfect! Most hackers would need years to crack a

password like that.

So, create your ugly password and use it for your router. Don't be scared by the fact that you won't be able to remember it.

You are only going to use it once or twice per year at most, so you can safely write it down, put the paper somewhere safe,

and then forget about it.

While you are still inside the router admin area, be sure to change the network name, also known as SSID. It's the name that

people are using to connect to a particular network. To give you an example, Netgear, a network equipment manufacturer,

names its networks NetgearXYZ, with XYZ being a set of numbers.

So, why not make it harder for the hackers by changing your "Netgear" Wi-Fi network name to "Linksys", for example?

Today's Wi-Fi networks are only secure if they use the WPA2 encryption protocol, with the encryption type set to AES. Yes,

you will have to create another ugly password, which will be used to encrypt Wi-Fi data.

I know it's tempting to reuse the router admin password here, but don't ever make this huge mistake! Yes, I know that you

will need to use this password every few months or so, but it's best to write it down and use it whenever you needed.

If you've got a modern router, it includes a hardware-based firewall, which should protect you from most attacks. Be sure to

activate it!

Then, turn off any guest networks. If you've got visitors who want to use your network to access the Internet, go ahead and

create a guest network, but only activate it when it is needed. In fact, some smart router manufacturers such as Asus have

made it even easier on your end, adding the options of creating guest networks that are only valid for a couple of hours.

Disable WPS, aka Wi-Fi Protected Setup. It's a feature that makes connecting new devices to your network a breeze, but it

also introduces significant security risks. It's best to forget about it.

But don't forget to check for router firmware updates each month (or so). New fixes usually help boost Internet transfer speed

and patch any security problems that may have been discovered.