October is National Cyber Security Awareness month and this past October there was no shortage of great security awareness articles and advice being posted including tips to secure your home router and wireless network. The tips listed here are nothing new and it is important to know when configuring your home router no one setting can secure the network. Configuring a combination of settings for multiple layers of security will make the network and router secure.
Selecting a Channel
The first tip isn’t so much about security as it is about performance of the wireless network. If you’re not using an 802.11n router look to upgrade and before setting up the router do a quick scan for the other wireless networks in the area and the channels they are using. A free scanning utility from Metageek called InSSIDer for Home can be used to scan the wireless environment. After scanning the environment more than likely what you will find is the 2.4 GHz band and channels are very crowded and interference from these overlapping networks may affect performance of your network. The 5 GHz band will be less crowded and setting up the network to use a channel in this band should result in less interference from neighboring networks and overall better performance.
One trade-off is the 5 GHz network will have a smaller coverage footprint compared to the 2.4 GHz network. In some instances, such as in an apartment or condo complex you may want a smaller coverage area and might even adjust the routers power to a lower level to reduce the area of coverage. Again, taking advantage of the InSSIDer application you can test router placement and powers levels. InSSIDer can report the signal strength to find the best location for the router, and this up front surveying and planning will not only help network performance, but should cut down on the support issues.
Wireless network transmissions essentially have no borders and anyone within range of those transmissions could potentially capture the network traffic. Encryption of the wireless traffic is crucial and using the latest and greatest encryption standard of WPA2 is recommended. It is important to select a completely random passphrase with a minimum of 20 characters for the WPA2 key. You can read my earlier blog post for the importance of using WPA2 encryption and tips on selecting a secure WPA2 passphrase.
Never Use WEP Encryption
WEP was the original encryption standard for wireless networks and was proven crackable. Numerous utilities freely available on the internet can crack WEP encryption in minutes!
Change the Admin Password
Many, if not all default SOHO (small office home office) router passwords are widely known, or easily found on the internet with a simple search. You can configure every security setting on the router, but leaving the Admin password as the default or selecting something that is easily guessed will defeat all the security you setup. Someone logging into the router can change any setting you have made or worse yet lock you out of your own router or brick the device.
Disable SSID Broadcast
Disabling the broadcast of the network SSID sounds like a great security option and some people think this will completely hide the network, but this is for from true. Anyone with a little knowledge and the right utilities can scan the airwaves and discover the hidden network SSID, so disabling the SSID broadcast should never be relied on as an end all security setting. Always combine the hidden SSID setting with the other settings mentioned to have strength with multiple security layers.
Disable Management of the Router from a Wireless Client
Force clients to be physically plugged into the router with a network cable to log in to the management interface. This setting will not allow wireless clients to access the routers management interface to make any configuration or security changes.
Apply Firmware Updates to the Router
Every router has internal software called firmware loaded on it that manages the capabilities of the router. The router vendors occasionally release updates to their firmware to either improve functionality or patch vulnerabilities. Checking every so often for firmware updates will guarantee your router has all the latest features and security patches applied.
As mentioned a layered method of security works best to guarantee your router and wireless network is secure as possible. Someone trying to get access to your network would likely move on to an easier target after discovering the multiple layers of security.
For additional security tips be sure to check out the links below. Thanks! Dale