Everyone wants their family to be safe in their home and this includes while using the Wi-Fi. But few people know how to secure their home Wi-Fi.
No computer network is completely secure. The only time a device is completely secure is when it is turned off. However, there are some simple steps you can take to make your Wi-Fi dramatically more secure and safe for you and your family to use.
1. Change the name of your router. Home Wi-Fi routers come with a preset name that typically includes the manufacturer’s name. Hackers have a catalog of attacks to use against each manufacturer’s devices. By changing the name, they can’t immediately use their catalog.
2. Change your Wi-Fi router’s password. This is the password you use to login to your router and change its configuration (not the Wi-Fi password). It is the admin password and chances are you didn’t even know about this password. If someone gains admin access to your router, they can open it up and allow themselves access to all the devices on your network.
Your Wi-Fi router comes with a preset password. In many if not most cases the preset password is “password” or “admin”. Hackers know this of course, so it is the first thing they try to gain access to your router. Change this password to something really hard to guess, preferably one of those passwords your browser suggests with letters, numbers, special characters and long in length. You rarely have to use it and if you lose track of it, you can recover by resetting your router. But you will have taken a big step to secure your home network.
3. Change the name of your SSID. Home Wi-Fi routers come with a default SSID that includes the manufacturer’s name. As with the name of the router, the default SSID provides hackers clues on how to attack your router.
4. Change your Wi-Fi password. This is the password you use to connect your phone, computer or other device to your Wi-Fi. Make this something hard to guess as well, maybe not as crazy as your router password, but it should be a strong password. This should only be shared with the members of your household.
5. Change the security setting for your Wi-Fi. There have been several standards through the years used to secure access to Wi-Fi networks, WEP, WPA, WPA2 and now WPA3. The latest standard is WPA3, but not every device supports it. Most devices today support WPA2 and it provides a good level of security. If all your devices support WPA3, use it. If not, use WPA2. You can figure this out by changing the setting in your router to use WPA3. If all your devices work after reconnecting, you are good to go. If not, change the setting back to WPA2.
6. Keep your router’s firmware up to date. Today’s routers are built largely with Open Source software. Since the code is available, researchers and hackers are finding new vulnerabilities every day. If your router is still supported by the vendor, they will regularly release new firmware to protect against the latest vulnerabilities. By keeping up with the firmware changes you are keeping your router protected. If your router is no longer supported, you should replace it with one that is ASAP.
7. Enable a guest network and use a password different from your main Wi-Fi network. A guest network is different from your main Wi-Fi network. In most of today’s Wi-Fi routers, the guest network implements network isolation and device isolation. This means that devices on the guest network cannot access or even see other device on your home networks. All they can do is access the internet.
While you trust the people you invite into your home, you shouldn’t trust their phones or other devices. Their phone could easily be infected with malware without them ever having a clue. If you let their phone on your main Wi-Fi network, it can infect all your devices.
8. Put your IoT devices on your guest network or a separate VLAN with device isolation, if your router supports it. This prevents any IoT device on your network from accessing other devices on your network.
9. Disable ping responses from your router and turn off remote management. Ping is a method to detect if a device is on a network. One device sends a ping command to an IP address and if there is a device on the network at that address it returns a ping response. The first step in attacking a device is knowing it exists and using ping with a range of addresses is a favored way to make a list of devices to attack. If your device doesn’t respond to ping requests, it won’t make the list. It doesn’t mean it won’t still be a target, but you have made it more difficult for hackers.
The same goes for remote management. If it is turned on, then it will respond to login attempts. It gives hackers an opportunity to find a way into your router, especially if you have a weak password. If it is turned off, you have removed that opportunity.
These steps will make your home Wi-Fi network much more secure and everyone should do them.