After the first post, I hope you all are clear about the type of encryption you use. Here are some other very important tips to ensure your wifi security.
- Adopt atleast a WPA-2 encryption:
When you set your wireless network chose atleast WPA-2 encryption. Reasons for the same have been explained in the previous post(Wifi Security – Part I).
- Don’t turn on WPS:
WPS (Wifi Protected Setup) is not always consistent. It works with the help of a nine digit PIN which Is pretty vulnerable and when guessed once cannot protect you. Nothing can stop the hacker from accessing the shared data that resides on your wireless network.
- Never keep default passwords:
Many a time’s routers come with a default password set which is generally “admin” or even a blank space. This password comes written on a document and is the simplest thing to guess. Make sure the first thing you do after setting up your router is change these passwords. Having a secure Password is an art in itself today. Still have the password your service guy set for you? Change that too immediately.
- Remove or replace SSID name:
SSID is nothing but the name of your wireless network configured with the router. Routers come with pre created SSIDs too. Change both password and names for these SSIDs. Also never keep a general name for your SSID. It might interest a third person looking forward to a network used often for doing man in the middle attack. Man in the middle attack is an attack where a third person secretively accesses the data being transmitted between two people. Unique SSID names and password makes it difficult to hack into a network.
You can even hide the name of your network. You can manually enter your network name along with the password when you wish to connect. A third person in this case will not even know your network exists while it does. This is called cloaking. However this is not a very good idea because if a hacker wants he can sniff your network and force your computer to shout out your SSID anywhere you are and then get your credentials and impersonate.
- Enable MAC Address filtering:
MAC address is a unique code of your system. You can enable MAC Address filtering after which it will only connect to systems whose MAC is known to it. However the hacker may clone your MAC address and enter into your network.
- Turn off remote login:
This is similar to having a default password but this time it’s a username. The username by default is set “admin”. It is like giving your credentials to the hacker decorated in a silver plate. Once the name is known, guessing a password is very simple. Thus make sure it is disabled.
- Say NO to wireless administrating:
Always turn off wireless administration feature. You will just need a LAN to connect while the hacker would be kept at bay.