Wi-Fi networks are one of the most vulnerable elements of network infrastructure to hacker attacks. To make it harder for them, you need to introduce as many obstacles as possible, making breaking into your network unprofitable for hackers.
So, what can you do?
Set a Long, Complex Password for Your Wi-Fi Network
A long, complex password containing special characters is the cornerstone of Wi-Fi network security. Simple passwords composed only of letters and numbers can be broken using brute-force attacks within a few hours to a few days. Additionally, ensure your password is not part of a compromised password database (which has leaked online). Such databases are publicly available, and you can test your password against them.
Here’s how to create a good password:
- The password should be at least 8 characters long (this is the absolute minimum).
- It should contain at least one uppercase letter, one lowercase letter, one digit, and one special character (e.g., !@#$%^&*).
- Using spaces in passwords is also a good idea.
- Never use simple phrases or ones that could be easily guessed by a hacker, such as your name, surname, birth date, phone number, or simple sequences like 11111, 123456, etc.
Use WPA2 or WPA3 Encryption
In 2018, the latest and most secure connection encryption protocol, WPA3, was introduced. Use this protocol if all your devices support it. Currently, older devices can only use the WPA2 protocol, which still offers good encryption. Therefore, if you cannot use WPA3, choose WPA2.
It is crucial that Wi-Fi transmissions are encrypted. Nowadays, listening in on Wi-Fi transmissions only requires appropriate software and a good antenna. Data transmission without proper encryption can be intercepted even from very long distances.
Do not use outdated protocols like WPA or PSK.
Disable Router Administration via Wi-Fi
In the configuration of every router, there is an option to limit the ability to manage its settings to connections via a local wired network. This change means that configuring the router will typically require physical access to it or access through a device connected to it via cable.
Even if a hacker breaks into your network, they will not be able to connect to it by adding their device to the allowed MAC addresses (or it will be much harder for them).
Protect the Device’s Serial Number
Some devices, due to design and manufacturing flaws, may be vulnerable to attacks related to the device’s serial number. Some allow remote software updates based solely on the serial number. Knowing it, a hacker could upload modified software, giving them access to the router’s functions or damaging it.
Therefore, protect serial numbers from third-party access.
Change the Factory Default Password of Your Wi-Fi Router
Leaving factory default passwords on the router is a significant security risk. These are easily obtainable from manuals or manufacturer websites. Leaving them unchanged is like inviting hackers into your network.
Remember to change the password if you hard-reset the router settings or restore them to factory defaults. We often forget this necessity in such situations.
Disable the WPS Function After Connecting Devices
WPS (Wi-Fi Protected Setup) is a function that facilitates the connection of various devices to your router via a button press. When you press the WPS button on the router and the device, both go into pairing mode, and the router provides the device with network data, allowing it to connect and exchange data.
This function poses a threat as it can be remotely triggered on some routers. It’s never certain which router might be vulnerable, allowing unauthorized devices to connect without knowing the password.
Block Network Access for Unspecified MAC Addresses
A MAC address is a unique identifier of the network card in every device that can connect via Wi-Fi. After connecting a device to your Wi-Fi router, you can view all connected devices’ MAC addresses in the management panel. The MAC address is also typically available on the device casing.
Once you have connected all your devices to your network, block the possibility of connecting other devices by specifying allowed MAC addresses.
This will complicate connecting new devices as you will need to manually add the MAC address of each new device or temporarily disable the block, but it’s one of the best protections against unwanted guests from outside.
Hide Your Wi-Fi Network’s SSID
Hide your SSID. You can change this setting in the Wi-Fi router’s administrative panel. Although hiding your SSID isn’t a major security measure, as skilled hackers can still detect it with commonly available tools, it is an additional hurdle for potential intruders.
Use the 5 GHz Band If Possible
Modern routers typically operate in the 2.4 GHz and 5 GHz bands (simplified). Using the 5 GHz band doesn’t inherently increase security, but one important parameter matters.
The difference between these bands is that 2.4 GHz is slower but has a longer range, while 5 GHz is faster but has a shorter range. The shorter range can be practical for security – hackers will need to operate closer to your network or use more expensive and powerful antennas to detect your network activity.
Update Your Wi-Fi Router’s Firmware
Regularly (every 1-3 months), check for firmware updates for your router. Keeping the firmware up-to-date is crucial for security. It prevents or significantly reduces the risk of hacker attacks using well-known exploits often described on the internet. Knowledge on how to hack specific devices using outdated firmware is widely available online.