In our last post we talked about how hackers can hack WiFi. To complete the series, today we will be talking about WiFi security and steps of protecting WiFi from hackers:


  1. Give Cryptic Administrator Username and Password: Wireless routers (and access points) give provision to the administrators to manage their Wi-Fi network through a special account. Anyone who knows this account’s username and password can log into the router and acquire all info. You need to change the default username and password with cryptic ones, as soon as you get access.
  1. Enable WPA / WEP Encryption: All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Naturally you need to pick the strongest form of encryption that works with your wireless network. You just need to turn on the compatible encryption standard of your router.
  1. Enable MAC Address Filtering: Each piece of Wi-Fi gear possesses a unique identifier called the MAC address (physical address). Access points and routers keep track of the MAC addresses of all devices that connect to them. This restricts the network to only allow connections from attached devices. You can do this, but also know that the feature is not so powerful as it may seem. Pro hackers and their software programs often fake MAC addresses.
  1. Change the Default SSID: Access points and routers all use a network name called the SSID. Manufacturers ship their products with a common SSID set. For example, the SSID for Linksys devices is normally “linksys.” Although only the SSID won’t enable a hack, but keeping a default SSID, invites the hacker’s attention that your network might probably be poorly configured.
  1. Disable SSID Broadcast: In Wi-Fi networking, the access point or router typically broadcasts the network name (SSID) over the air at regular intervals. At home, this roaming feature is unnecessary, and it increases the possibility of intrusion. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator. Perform that.
  1. Assign Static IP Addresses to Devices: Most home networkers tend to use dynamic IP addresses. DHCP technology is easy to set up. Unfortunately, this also benefits the network attackers, who can easily obtain valid IP addresses from your network’s DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached through the Internet.
  1. Enable Firewalls On Computer and also on the Router:  Modern network routers contain built-in firewall capability, but the disabling option also exists. Ensure that your router’s firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
  1. Position the Router Logically: WiFi signals often reach exterior. A small amount of signal leakage outdoors is not an issue, but the more this signal reaches further, the easier it is for others to detect and exploit. While installing a wireless home network, the position of the access point or router determines its reach. We must try to position these devices at the centre of our home to minimize leakage.
  1. Do Not Auto-Connect to Open Wi-Fi: Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor’s router exposes your computer to security risks. Disable the Auto-Connect option to stay secure.
  1. Switch Off the Network During Extended Periods Offline: The ultimate in wireless security measures is, shutting down your network will most certainly prevent outside hackers from peeping in! It is not possible to to turn off and on the devices frequently, but consider doing so during travel or extended periods offline.
  1. Protect Yourself from Reaver Attacks: Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS…but this doesnt work at times.

It is tested that the open-source router firmware DD-WRT when installed on a router the hackers find it unable to use Reaver and crack its password. DD-WRT does not support WPS, so here’s yet another reason to love the free router-booster.