Sunday, 11 June 2017

Secure your Wi-Fi: 10 steps to stop hackers

The days of worrying about your data allowance are gone, thanks to faster broadband speeds and generous tariffs. But that doesn't mean you should forget about who is using your Wi-Fi. Identifying who and what is on your network is as important as ever. An unauthorized user could be streaming pirated content, hogging your bandwidth and potentially landing you in a spot of legal bother. They could be indulging in more illegal activities, maybe even trying to hack your system.

Avast recently scanned over 4.3 million routers and found 48% have some sort of vulnerability.
Thankfully TeckQuest is here to tell you who is on your connection and how to get rid of them.



  


1. Change the Admin Password

Roll up your sleeves and head straight to the admin gateway of your router. That will be 192.168.1.1 for TP-Link, or 192.168.0.1 for D-Link. If you swapped the supplied router for one of your own, Google is your friend.
You can also head over to routerpasswords.com - most makes and models are listed there, complete with login details. If this doesn't convince you to change your router from its default settings, nothing will...
You should change your password to something long and complex, and the username too if your router allows it. Long and random is great passkey advice.
A key that is over 20 characters long, with a randomly generated mix of upper and lower-case alphanumeric characters plus special characters, is your best bet.
The LastPass tool is best for producing randomly generated and secure passwords.

2. Don't broadcast your router details

While you're in your router settings, you should change the service set identifier (SSID). This is the name of your network that the outside world sees; it commonly defaults to the router manufacturer's name. In light of how easy it is to find admin logins online, it's best not to make a hacker's life any easier than it already is. A determined hacker isn't going to be prevented from detecting and accessing your network simply because there's no SSID being broadcast, but using a random name rather than the factory default makes sense, as it suggests the user is more security savvy than someone who is still broadcasting the router manufacturer.

3. Disable Wi-Fi Protected Setup (WPS)

Wi-Fi Protected Setup (WPS) uses the press of a button, or entry of a PIN, to establish an encrypted connection between a device that supports it and your network. Advising users to disable WPS may appear counter-intuitive, but it's broken. It makes use of what appears to be an eight-digit PIN code - but looks can be deceiving. The last number is always a check digit, so already the PIN is reduced to 7 numbers, which makes brute-forcing much easier. As does the fact that most routers don't include a cooling-off timeout between WPS guesses. Here comes the stinger, though: as far as validation is concerned, the first four digits are seen as a single sequence, as are the final three. That means the possible number of combos just shrank from over 10 million to 11,000. No wonder pen-testing tools such as Reaver can brute-force it in a matter of seconds.
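The arithmetic behind those numbers, as an added example that is not part of the original post. The check-digit rule is the publicly documented WPS checksum; the function names and the "3 tries per 60 seconds" cooling-off policy are assumptions made for illustration.

```python
import math

def wps_check_digit(first7: int) -> int:
    """Check digit for the first seven PIN digits (public WPS checksum rule)."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)   # odd positions, counted from the right, weigh 3
        n //= 10
        accum += n % 10         # even positions weigh 1
        n //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if `pin` is 8 ASCII digits and the last one matches the checksum."""
    return (len(pin) == 8 and pin.isascii() and pin.isdigit()
            and wps_check_digit(int(pin[:7])) == int(pin[7]))

def keyspaces(first_half: int = 1234) -> dict:
    """Count candidate PINs under each way of looking at the 8 digits."""
    # Fix one first half, enumerate all 10,000 second halves and keep only
    # those whose final digit is a correct check digit.
    second = sum(is_valid_pin(f"{first_half:04d}{s:04d}") for s in range(10_000))
    return {
        "eight_free_digits": 10 ** 8,
        "seven_digits_plus_check": 10 ** 7,
        "first_half_alone": 10 ** 4,
        "second_half_alone": second,
        "halves_checked_separately": 10 ** 4 + second,
    }

def days_with_lockout(guesses: int, tries_per_window: int, window_secs: int) -> float:
    """Days needed for `guesses` attempts if the router rate-limits WPS tries."""
    return math.ceil(guesses / tries_per_window) * window_secs / 86_400

if __name__ == "__main__":
    ks = keyspaces()
    for name, size in ks.items():
        print(f"{name:28} {size:>11,}")
    # Assumed cooling-off policy: 3 tries per 60 seconds.
    for label in ("halves_checked_separately", "seven_digits_plus_check"):
        print(f"{label:28} {days_with_lockout(ks[label], 3, 60):>11.1f} days")
```

Under the assumed cooling-off policy, 11,000 candidates are still used up in under three days, while ten million would take more than six years. A timeout alone does not rescue the design, which is why turning WPS off is the fix.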

4. Update Your Firmware

Updating your router firmware boosts your security at no cost and in very little time, yet it's a step that most home and small-business users fail to take.
Why? Because your mindset is wrong. In the home and small business the concept of "patch management" doesn't exist - but it should. We're all used to watching Windows disappear into the land of suspended resource time as it installs an update, after all. The majority of routers will have an automatic update option, so hunt it down and enable it. Be advised that sometimes a firmware update might reset your settings to their defaults, so do a quick check afterwards to be safe.

5. Try a different DNS server

We've seen the DNS servers of larger providers suffer downtime, so having a backup and knowing how to flick the switch is useful. The most common choice is the Google Public DNS server (on 8.8.8.8 and 8.8.4.4 for the IPv4 service) or OpenDNS (on 208.67.220.220 and 208.67.222.222).
Open your router admin panel, look for the Domain Name Server address configuration page, and input a primary and secondary DNS IP. Some routers will have a third server option, and for OpenDNS this would be 208.67.222.220.

6. Install Alternative Firmware

Why would you do this? To gain functionality missing from the original firmware, especially relating to security. And why wouldn't you? Your warranty will be invalidated, so it's best left to older routers. If you go ahead, you will probably find yourself choosing between DD-WRT and Tomato, the latter being easier to use but at the cost of being less feature-rich.

7. Sniff out rogue devices

How might you discover who's using your Wi-Fi? You can do this from your router gateway, though where that option lives varies from router to router. There are also plenty of tools to help you do the same. One of our favorites is Fing for Android and iOS. This app scans any IP range and shows what's connected in simple English. Fing spells out each device's manufacturer, making it easier to identify the dozens of devices we have connected.
If the numbers don't add up, or you see something you don't recognize, Fing will, at the touch of a button, display the information you need to block it from your router gateway. That you can do all of this from your smartphone, anywhere in the home or office, makes keeping tabs on who's using your Wi-Fi hassle-free.

8. Employ MAC filtering

The information that Fing reveals when you want to block something from using Wi-Fi is our old friend the Media Access Control (MAC) address, which every device connecting to a network is allocated. It's a 48-bit digital identifier used by the device to tag network packets, to be precise.
By default, your router will connect to anything that wants access, provided it has the correct password. If you want to prevent a device from connecting, even if the user has the correct password, that's where MAC filtering comes in.
Once you have the MAC address, you can use an online specialist site such as What's my IP or MAC Vendor Lookup to identify any piece of connected kit that you don't recognise. When you have identified the culprit, head to the "access control" section of your router controls, which is MAC filtering by another name. Here you can either block all new devices, so that before anything can join the network you'd have to whitelist the device's MAC address, or block individual devices by blacklisting their MAC.
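The check described in steps 7 and 8, as an added example that is not part of the original post: it compares the devices a Linux machine can see against a list of MAC addresses you know. The sample `ip neigh` output, the device names and all addresses are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"\b[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}\b")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample in the format printed by `ip neigh` on Linux.
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr 3c:5a:b4:11:22:33 REACHABLE
192.168.1.11 dev wlan0 lladdr b8:27:eb:aa:bb:cc STALE
192.168.1.23 dev wlan0 lladdr da:a1:19:0f:4e:72 REACHABLE
192.168.1.40 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.99 dev wlan0  FAILED
"""

# Constructed allowlist: the devices you expect, in whatever notation
# their labels or settings screens happen to use.
KNOWN_DEVICES = {
    "3C-5A-B4-11-22-33": "laptop",
    "b8:27:eb:aa:bb:cc": "media box",
}

def normalize(mac: str) -> str:
    """Lower-case, colon-separated form so different notations compare equal."""
    return mac.replace("-", ":").lower()

def is_locally_administered(mac: str) -> bool:
    """Bit 0x02 of the first octet marks a software-chosen (often randomized) MAC."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(neigh_output: str, known: dict) -> list:
    """Return one finding per neighbour whose MAC is not on the allowlist."""
    allow = {normalize(m) for m in known}
    findings = []
    for line in neigh_output.splitlines():
        mac_m, ip_m = MAC_RE.search(line), IP_RE.search(line)
        if not mac_m or not ip_m:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        mac = normalize(mac_m.group(0))
        if mac not in allow:
            findings.append({"ip": ip_m.group(0), "mac": mac,
                             "randomized": is_locally_administered(mac)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_NEIGH, KNOWN_DEVICES):
        hint = "randomized MAC, vendor lookup will not help" if f["randomized"] else "check vendor prefix"
        print(f"{f['ip']:15} {f['mac']}  {hint}")
```

A device flagged as randomized is using a software-chosen address, so a vendor lookup returns nothing useful and the same phone or laptop may show up under a different MAC later. That makes whitelisting known devices more dependable than blacklisting individual addresses.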

9. Use a Virtual Private Network

When people think of a VPN, they think of a third-party application that re-routes all their internet traffic through a proxy server - at a cost. What's less commonly considered is operating your own VPN through your own router.
This will give you the advantage of being able to securely access your home network, across an encrypted internet tunnel, when you're away. It gives you the same end-to-end encryption as a subscription service, so you can securely use that coffee shop or hotel Wi-Fi, but with no fees or bandwidth implications. As a home user you will almost certainly need a Dynamic DNS (DDNS) service to resolve a domain name to your router, to get around the fact that most ISPs don't offer a static IP address for your router. The free-to-use No-IP (noip.com) is as good as any for this.

10. Set Up a Guest Network

The trouble with passing out your Wi-Fi passkey to family and friends who visit is that, every time you do, it dilutes the security. Not only do they know your password, but they might also give it to someone else. You could change to a new password after every occasion, which is the most secure, if not the most convenient, solution. More convenient, and pretty secure as well, is going the whole nine yards and setting up a guest network for visitors. If the concept of a properly secured guest network isn't supported by your router, all is not lost: simply buy a new router or change the firmware as mentioned earlier. The popular replacement firmware Tomato supports a guest mode, which means you can provide visitors with a key that puts them on a virtual network without exposing your own connected devices.

Hope you feel more secure now. If any question pops into that brain of yours, then ask in the comments.

teckquest

