Five ways to protect your Wi-Fi network from hackers

Posted April 26, 2011 9:22am by Phil Hornshaw

Consider the story of one Buffalo, New York man a cautionary tale.

The man’s house was raided by agents from the U.S. Immigration and Customs Enforcement agency last week, which later turned out to be a mistake. The reason? Department of Homeland Security agents traced a distributor of child pornography back to the man’s home Wi-Fi router.

The trouble was, the man wasn’t the one distributing the illicit and illegal material -- authorities say it was his neighbor, who was connecting to his Wi-Fi network. The agents didn’t have the wrong house, but it took them a week to determine that they had the wrong suspect.

For the less tech savvy among us, protecting an Internet router can be a daunting task, requiring technical know-how that gets confusing. But with just a few seconds, the router’s manual, and some understanding of what you’re looking for, setting up at least some router security can be pretty easy, and can save Internet users from issues like identity theft and an unfortunate visit from the U.S. government. Here are a few tips for keeping your network, and your data, away from those who would hijack it.

1. Set up a password - or even better - an encryption key

Adding some kind of password to your network is a way to immediately discourage probably 99 percent of the people who could jack into your Wi-Fi connection remotely, and it really is just about the easiest thing ever to do to protect yourself. All you need is the Ethernet cable that comes with a router when you pull it out of the box or installed by a cable company, and the manual that comes with the router. By using the cable to plug directly into the router, a computer can access the router’s internal settings using an Internet browser. The address (usually in the form of what’s called an IP address, generally 192.168.1.1 or something similar) gets you into the router’s inner workings, but you need the cable to access it, so it can’t be altered remotely. The router’s manufacturer password is also included in the manual (usually it’s “admin” or “password”), and you should change that too from the settings menu for added internal security to keep prying eyes out.

From there, it’s usually as simple as going to the security settings for your router and activating an encrypted password called a WEP or WPA key. This is presented in the form of a long chain of letters and numbers that the router can generate for you. You can specify a password of your own, but the router’s generated key is a much stronger encryption than using a password someone might be able to guess. Most modern computers will save passwords when you connect to your home Wi-Fi network, so you shouldn’t need to specify the network password again when signing onto the Internet, unless something gets reset.

2. Turn on MAC address filtering and router firewalls

While it is absolutely essential to use a password or encryption key to keep your Wi-Fi network secure, there are a number of other easy steps to make it even more protected.

Each computer that uses your network has a specific number attached to it called a “MAC (Media Access Control) address.” This is actually a physical number assigned to the actual Wi-Fi adapter hardware in your computer or mobile device. From the internal settings of your router, you can determine the MAC addresses of the computers that you want to be able to access your network and specify them to the router. Any device that doesn’t have the right MAC address will be denied access.

In order to set MAC addresses, you’ll need to have the devices you want to be able to use on your network connected so you can see their addresses in the router’s “MAC Address” section. There, you can usually just click a button that turns on the router’s MAC limiting setting, and then select which addresses are allowed access to the network.

Most routers also have an internal firewall program you can enable from the settings menu. This is anti-hacking software that makes a network more difficult to access from the outside, and turning it on is generally really easy. It’s also a good idea to protect your computers and devices with firewall software (Windows has one built in, but it’s not a bad idea to invest in better ones) that you can buy commercially to protect your data even further.

There is a slight inconvenience with MAC address filters, as they can complicate things whenever you want to add a new device to your network. So if your wife's cousin wants to connect to the network, for instance, you'll need to go back and add his MAC address to the router's list. Of course, this is a small price to pay for added security.

3. Change your network’s SSID and make it invisible

From within the same settings menus that you adjusted the MAC settings and turned on your encryption key, you can also set whether your Wi-Fi network is “discoverable.” This means that the router won’t broadcast its ID information (called the SSID) over the air for other devices to lock onto. Only devices that know to look for the router, like the ones you’ve already authorized to connect to it, will be able to use your connection.

Generally, you’ll find the ability to alter discoverability in the security tab of your router’s settings browser window. It’s usually a button that discusses making your network discoverable or disabling SSID broadcast. This is also a good opportunity to change your router’s SSID to something other than the manufacturer preset. There’s a reason you see so many networks named "Linksys" or "D-Link" -- those are routers that have their manufacturer defaults still activated, and they suggest to hackers that the passwords are still set to defaults as well. Either way, it’s easier for someone to get into your network when they have more information, and a manufacturer SSID doesn’t help. Change it, then make it invisible. Just remember: You don’t want your network discoverable, and you don’t want your router to broadcast its SSID. Turn those things off.

4. Assign IP addresses to your devices

This gets a bit technical, but like the MAC address filtering, it’s not nearly as complex as it at first seems. Each device that connects to the Internet does so using what’s called an IP address. Most networks use a system called “dynamic IP addresses,” which means that every time you connect to your network, the system assigns a temporary IP address to your system. That’s easy, but it also means anyone jacking into your network can get a temporary address just as easily as you can.

Instead, look for a tab in your router’s setup menu that lets you set “static IP addresses.” Like MAC filtering, you should be able to see the addresses of your devices at the moment; write them down, or specify a series of numbers to the router when you’re prompted to. These look complex (they’re usually long, like the 192.168.1.1 address), but that doesn’t mean they have to be complicated. You can actually set addresses with the same sets of numbers up front, but alter the numbers at the end to keep them consistent and easy to remember for you, but more difficult for intruders to access.

Once you set static IP addresses, you’ll have to use the numbers you wrote down on your computers when they try to connect to the network. In your Network Settings, you can specify a device’s IP address so that it always uses the same number, then you can tell your router to only allow device’s using those specified addresses to connect. While the MAC filtering will keep out some less in-the-know network jumpers, more complex hackers can get around that technology; they’ll have more trouble with your static, filtered IP addresses.

5. Avoid open, unprotected Wi-Fi networks

This is more for when you’re out in the world than at home, using your computer or smartphone to try to access the Internet when you’re at the airport or in other places. Beware of open, access-free networks. If they’re open to you, that means they’re open to other people, too, and your sensitive information can be plucked out of the air by people who have a little bit of expertise in this area.

“Free Public Wi-Fi,” for example, is a network that will often pop up in public places when you’re searching for a network. Don’t connect to it, though, as it isn’t really a free public network, and could very well be a quick and easy way for someone with ill intentions to get access to your computer.

For the most part, the best thing you can do is avoid open networks you don’t trust whenever possible. If you do decide to access an open network, limit what you do on it. Don’t access sensitive websites or use important data like your bank passwords while attached to the network. You should also take steps to keep your computer from saving sensitive Internet information that could be accessed later, like a history or cookies cache. These are bits of data your web browser saves from websites to make accessing them easier later. When you tell a website to save your password, for example, it leaves a “cookie,” or small program, on your browser for use later. You can easily clear these from your browser’s settings menu.

These are simple steps you can take to protect your network, your data and your privacy, but the technical aspect often frightens off people who aren’t familiar with their Internet hardware. Trust us when we say that it’s usually less complicated than it appears. Consult your router’s manual if you need to, and look for the keywords in your router’s settings menu: things like “encryption key,” “firewall,” “disabling broadcasting and IP” and “MAC address filters” are good. Once you set them up and write the numbers down, you should be able to breathe a little easier knowing your access to the Internet is protected.