How can I secure my home wireless network?

Wireless Local Area Networks (WLANs) and Wi-Fi allow you to access the Internet at broadband speeds without the need for a completely wired network, and allow many different workstations to use one central access point.

However, wireless networks have security risks beyond those of a typical wired connection: since anyone within range can potentially connect to your wireless access points, you should take extra security precautions when setting up your home wireless network. The methods listed below vary in their effectiveness, but a hacker will probably try to find the path of least resistance to break into a network. The more of these measures that you take, the greater the chance that someone will move on and attempt to locate a less secure network.

UISO recommends taking the following actions to secure your wireless network and your computer:

Stay up to date with patches and updates

As with any computing device, your router has special operating software called firmware. Most commercial companies will release patches or updates to that firmware. While these are not frequent, they can often fix security vulnerabilities in the hardware. You can likely check for updates in the router administration area.

Another effective practice is to ensure all updates and patches are applied to the devices connected to the network. Gaining control of one device on the network, especially an older, forgotten machine, gives an attacker a foothold to move on to other, more valuable targets. If you're not using a computer or other device, turn it off, or at least disconnect it from the Internet, if possible.

Choose a strong administrator password

Most routers require an administrator password to access the setup and configuration settings. However, the default passwords for these routers are generally weak, and some have none at all.

You should change the default password to something strong; for ideas on creating a good password, see About your IU passphrase. Once you have set up your wireless network, you will probably not need to use this password frequently, so you can use a very strong password without worrying about the difficulty of typing it in. If you do lose the password, you will have to reset the router to factory settings and set up your network again. You may wish to consider passphrase vaulting to store these passwords.

Some routers will also let you change the administrator name; this is another good way to protect the security of your WLAN.

Disable remote administration

Many wireless networking routers offer the ability to allow administration of the router remotely, from anywhere on the Internet. Unless you require remote administration and are very familiar with WLAN administration and security, it's a good idea to disable this feature. Otherwise, anyone connected to the Internet could conceivably gain administrative access to your router and network.

Use encryption

For best security, you should enable or set an encryption password. All Wi-Fi equipment will support a form of encryption; you should choose the type that is most secure and will work across all the devices you need to connect.

If possible, use WPA2 (Wi-Fi Protected Access). If you are using a home wireless network, you should choose WPA2 Personal. Some older devices may be unable to connect to a WPA2 network; in these cases, use WPA.

There are still some old devices that may not even be able to connect to a WPA network, and will require WEP (Wired Equivalency Privacy). While WEP encryption is slightly better than none at all, WEP is not considered secure, and you should avoid using it. If you do need to use WEP encryption, be sure to choose a very strong password, and change it relatively frequently.

Change your default SSID

Your SSID (Service Set Identifier) is the name of your network. Most commercial products have a default name (e.g., Linksys routers are usually set to "linksys"). You should change this default name to a unique, robust name, preferably a longer one with letters and numbers. Your new SSID should not contain sensitive or personally identifiable information such as your name or address.

Use MAC address filtering

MAC addresses are unique to each network adapter, whether wired or wireless. Most wireless routers offer some sort of MAC address filtering, which will limit access to your wireless network to specifically allowed devices.

Specifying permitted MAC addresses can be time-consuming, especially if you have many wireless devices or change them frequently. Also, a knowledgeable hacker can easily spoof or fake a MAC address, so you should not rely on filtering to protect your WLAN. Because MAC addresses are so easily spoofed, security experts do not consider MAC address filtering a viable security practice.

This is document avat in the Knowledge Base.
Last modified on 2013-02-19 00:00:00.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.