Help Pages > Broadband > Wireless Broadband > 7 steps to securing your wireless home network

7 steps to securing your wireless home network

Service
Keywords: Wi-Fi | Wireless | Broadband | Security Summary: Find out how to make your wireless network harder for hackers to crack into

With a few changes to your settings you can make your home wireless network more secure. Here we'll show you 7 of our most recommended tips. Most of these only take a minute or two to do and using all, or a combination of them, you'll give your home network the best possible protection.

For this guide we'll use some of the settings screens of the Thomson 585 and Netgear wireless routers as examples.

  1. Switch on encryption
  2. Change your SSID name
  3. Switch off SSID broadcast
  4. Switch on MAC filtering
  5. Change the password for web access
  6. Switch your network off if you're not using it for long periods
  7. Put your router or access point in a safe place

1. Switch on encryption

Encryption scrambles messages sent over wireless networks, making them harder for people to read. Most routers now come with encryption built-in as standard. However, you should check the settings as this is usually set to WEP (Wired Equivalent Protection). We recommend not leaving your wireless router settings like this. This is because WEP is now an old wireless encryption standard, so it doesn't offer the same advanced protection as WPA or WPA2. Because of this it can be hacked into really easily!

Ideally you should enable either WPA-PSK (Wi-Fi Protected Access, also known as WPA- Personal) or WPA2 wireless encryption, if you haven't already done this.

Wireless security options

WPA-PSK should really be the very least amount of security you apply to your network. To be even more secure use WPA2 (if your wireless router and wireless adaptor both support this). WPA2 is the latest wireless encryption standard and offers the maximum amount of encryption.

Do:

  • Change your wireless encryption key every month.

Don't:

  • Connect to unprotected wireless networks. Your usage can be monitored and a hacker can gain access your network.
  • Connect to an unprotected wireless network that asks you for a password, unless the site is encrypted. (If it is it'll have a lock symbol in the bottom right-hand corner of the screen)

[Top]

2. Change your SSID name

The SSID (Service Set Identifier) means the name of your wireless connection (you'll see this on the list of available wireless connections when you're going online).

List of wireless networks

You might think it's handy to call your home wireless network 'My home network', or something similar to identify it as yours. However, this will make it obvious to anyone else searching for available wireless connections what your network is.

Changing the name of the wireless connection to something else can put a potential hacker off. This is because they'll see you've made some effort to secure your wireless network.

Here's a few things to think about:

Do:

  • Choose a SSID name which is made up of letters and numbers.
  • Make the name as long as the maximum length allowed.
  • Change the name every few months.

Don't:

  • Use your name, date of birth, home address or other personal piece of information.
  • Re-use a name that you've used elsewhere (e.g. for a password).
  • Make your network more tempting by naming it 'Keep Out' or 'Top Secret'. It'll only make a hacker even more curious!

[Top]

3. Switch off SSID broadcast

Your SSID will be broadcast by your router or the wireless access point at regular periods. By disabling SSID broadcast you'll be making your wireless connection invisible to anyone in the area who's searching for a wireless network. This means they won't be able to log in and 'piggy back' your wireless connection. Most wireless routers come pre-configured with a 'factory default' SSID.

To disable SSID broadcast, simply go into your router's settings and uncheck the option that lets the name be broadcast. You will need to setup any new client manually, as autoscanning won't work.

Disable SSID name

[Top]

4. Switch on MAC filtering

Each device on a network has a unique code that identifies it, known as a Physical Address or MAC (Media Access Control) Address. Our next suggestion is to only allow wireless devices that you know and trust to get access to your network.

To set up MAC filtering first of all you need to know your MAC address

Step 1- Find out your MAC address in Windows:

  1. Click Start
  2. Click Run
  3. Then type cmd in the Run box
  4. Now type ipconfig /all
  5. Look at Physical Address - that's the MAC address.

Step 2 - Setup MAC filtering in Windows

Now you'll need to check the instruction manual that came with your router to see how to setup MAC filtering.

[Top]

5. Change the password for web access

The manufacturer of your router should provide a web page which will allow you to setup your hardware. (It might look something like the one below).

Web setup page

These web access pages are protected by a login screen, but often the default login details are basic and well known to hackers. Because of this you should change the default password to something stronger.

Do:

  • Choose a web access name which is made up of upper and lowercase letters, numbers and special characters.
  • Change the name every few months.

Don't

  • Keep the default web access password. It's easy to guess.
  • Use personal information, such as your name or date of birth
  • Re-use a name that you've used elsewhere

[Top]

6. Switch your network off if you're not using it for long periods

Going away on holiday, or know that you're going to be offline for a while? It's a good idea to shut your network down. Leaving yours on is like leaving your house door unlocked whilst you're out.

If you're only using the wired connections on your wireless router you can sometimes turn off Wi-Fi, without shutting down the whole of your network.

[Top]

7. Put your router or access point in a safe place

Did you know that your wireless signal is not only available inside your house, but also outside it too? A small amount of 'leakage' is fine, but the further the wireless signal reaches the greater the chance that your wireless network will be seen by others and a greater chance that attempted logins are made. Wireless signals can stretch to your neighbour's homes, or even as far as different streets.

Where you put your router or access point in your home makes a difference to how far your wireless signal reaches.

Do:

  • Put your router or access point near the centre of your home.

Don't:

  • Put your router or access point near windows. This will 'leak' your wireless signal outdoors.

[Top]

This page last updated 4th November 2008

RELATED ARTICLES

Wi-Fi (Wireless Broadband) FAQ

System Intrusion

Broadband Firewall FAQ

save this page

bookmark Bookmark this page

Post to del.icio.us

digg Digg this

print Print this page

Search help pages

Browse A-Z help index
Search Discussion Forums
Glossary of Terms
Rate this page
happy   neutral   unhappy
Has this page helped you solve your problem? Your feedback helps us to improve the help we provide.

Please note: We cannot reply to individual feedback through Rate My Page. If you need more help with a problem please use the Help Assistant. Other customers will be happy to help you with most issues at the Community Site Forum.

Sitemap

Products

Business Solutions

Member Centre

Community

Help & Support

About Plusnet

We sell broadband, phone, VoIP and more to homes and businesses in the UK. Winner of 9 out of 11 Categories in the 2008 USwitch survey. Winner of "Best Consumer ISP" at 2008 ISPA awards. Voted number 1 in the Broadband Choices 2008 survey.

© Plusnet plc All Rights Reserved. E&OE