How to Prevent Your Home WiFi From Being Burglarized

Home WiFi Burglary_HEADER
There is more than one type of burglary that can affect your home. One involves kicking in the door; another involves compromising your computer. And if the intruder in this scenario has compromised your wireless network, you might as well have given them a key to the front door.

Just as home wireless networks can offer you the freedom to access your online data untethered to a physical connection, if improperly configured, that same wireless local area network (WLAN) gives that freedom to an attacker.

Fortunately, there are a number of steps you can take to make sure your wireless connection is as secure as possible.

Step 1: Avoid Default Passwords
Setting up a router and leaving the default password of the administrator account in place is what in technical terms we call a very, very bad idea. The guest account default settings should be changed as well assuming that has been enabled. Once that is taken care of, the next step is to come up with a strong password to replace the one you just removed. Much has been written about the importance of developing complex passwords in the past. If you need a few tips, start by making sure that you mix letters and numbers into the password so that the password itself is not an actual word. Stay away from birthdays, names, or anything that could be easily guessable.

Step 2: Consider Changing the Default SSID Name
The service set identifier (SSID) is the public name of your wireless network. Many times, manufacturers will use the same SSIDs for all their products. Though this does not directly impact the security of your network, if an attacker identifies a default SSID, they may be encouraged to try to attack it under the assumption that the network may also use a default password and be insecurely configured. While some argue for hiding SSIDs altogether, in truth this has little effect on security. The SSID is not a network password after all, and there are a number of tools hackers can use to discover it.

Step 3: Protecting Access Points With Encryption
Encryption is a must for protecting your wireless network. The best answer for your encryption needs is WPA2 (WiFi Protected Access 2), which is stronger than its predecessor – WPA – as well as WEP (Wired Equivalent Privacy), which preceded WPA and has been found to be riddled with security holes. Unlike other versions, WPA2 mandates the use of AES (Advanced Encryption Standard) algorithms for security. Though WPA2 is not supported by some older wireless cards and access points, try to go with the most secure option available whenever possible.

Step 4: Enable the MAC Address Filtering Feature
A media access control (MAC) address is a unique hardware identifier for your computer. By enabling MAC filtering, you can exercise more control over who can connect to your network by setting up a list of clients that will be allowed to join. Once it’s enabled, the router/access point will check the MAC address of any client that sends a request to join the network against that list. Those that are not on the list cannot join. This is not a solution for keeping an attacker off your network, as MAC addresses can be faked, so be sure to take other security precautions as well.

Step 5: Disable Remote Administration
Some wireless networking routers allow users to administer the router remotely from anywhere. If this is not absolutely necessary, there is no reason to keep this feature enabled. Doing so opens up a potential door to attackers who could exploit the situation to gain administrative access to your router over the Internet.

Remember, steel doors mean nothing if they are left open, so following a few basic steps should be step one in defending yourself from attackers.

17 thoughts on “How to Prevent Your Home WiFi From Being Burglarized

  1. I have cable internet from ComCast. ComCast upgraded their internet system, which required a new modem. The new modem includes WiFi. Can the WiFi be disabled?

      • Actually, I expect there is an option to disable WIFI. I have never seen a modem or router with WAP (Wireless Access Point) that does not include a way to disable it. The give away is one or more wired ports for connecting a desktop or wired laptop. Probably how the technician (if there was one) configured the modem during initial installation.

  2. My current wireless router (rather an old model!) allows me to change the admin User ID as well as its password, which I have done. More recent models appear not to allow this – why not? Surely changing the default ‘admin’ to something else is a useful extra security precaution?

    • Most home routers won’t allow more than the default admin user account. You can add other user accounts on some older home routers. But you cannot make changes via those other user names.

    • To answer your question – yes, definitely an improvement.

      To get good coverage in my house I have 4 different access points – each a different make/model and feature set. Only one – the one providing WAN/LAN connectivity is configured with any special features – the others are only there for the wired interconnect, rather than using wifi-bandwith for interconnect.

      All of these models provide the choice to change userid and/or password of the admin account. Most allow multiple accounts with user or superadmin perms.

      So, rather than say most do not allow – I would go with – some may not allow – multiple accounts.

      In any case, I would certainly recommend changing the default account name as well as password.

      And – queried elsewhere – if you are not using WIFI – disable it. Just be aware that to enable it later you will either need a wired device – and a wire! – or a hardware reset back to factory settings to get it back.

  3. For your information, when using wireless networking the thieves also use the “leach” method, when you go to sign in they attach to your sign in account and then have access to all your details. For example: if you use your routers account (SitecomAFF45) then when you click on it the “leach” comes in alongside and of course now has access to your pc or laptop.

  4. I have my wireless ssid set to not show not for security reasons but so that my router doesn’t get overloaded as I live with other people and they have occasionally overloaded the router with too many devices. Since i had to replace my last router due to this I now can decide who gets the information and who doesn’t which makes this more of a protection on the equipment than security.

    • Simply click on the WiFi icon located on your systems tray (It’s near or next to the volume icon on your systems tray). From there, however your home WiFi’s name, and a window will appear indicating what security type you’re currently connected to. Check out this link on how to convert from WEP to WPA2: http://www.wikihow.com/Change-WEP-to-WPA

    • Fortunately, I have never had to worry so much about external devices that I have not had to resort to this method.
      The “down” side is that visitors must always be added manually – and with all the new phones and tablets my children, their boy/girl friends, etc. bring into the house – they would be very unhappy with MAC address protection.

      Using the feature — It functions much like a firewall: deny all except the listed MAC addresses. Some models have a feature that automatically includes all known MAC addresses (sometimes identified as deny all new MAC addresses).
      I have also seen a model with MAC activation that starts with permit all and only rejects MAC addresses you enter.
      What is best for you depends on your need.
      Hope this clarifies the feature – a bit!

  5. Did all of them and then immediately turned off WIFI since I use only wired connections. I am paranoid aren’t I? But most people don’t even know I have an Internet connection.

  6. Would be most interested in any answers to the above questions. I am not overly tech savvy, some things just elude me.
    I hope to get a tablet very soon, and this newsletter and the above comments have me wondering just what my router and admin psswrds are.

  7. You should also disable WPS On your router, if you’re not using it, its a big security risk, It’s really easy to crack any password using reaver, let’s take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It’s a feature that exists on many routers, intended to provide an easy setup process, and it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.

  8. I have just enough tech savvy to understand maybe 60% of this article. I have an older PC. Where do I look for wifi info to verify the setup?
    Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *


nine × 2 =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>