Securing Your Wireless Network

A mobile device can connect to your wireless network wherever it is within range of the signal strength from your wireless router. This also means that other people may be able to access your wireless network so personal data security is important.

Data tapping. Encrypt or protect your own data when you are sending sensitive or personal information via the wireless network.

Unauthorised wireless network access. Take measures to prevent unauthorised users or intruders from using your wireless network by:

establishing a list of computers which are allowed to use your wireless network. Wireless routers are usually able to establish a list of MAC addresses that can use the wireless network. A MAC address is a unique serial number of the wireless LAN card install in each computer. Computers with wireless cards that are not registered with your wireless router will not be able to use your signal, and/or

Use a secure password key for your wireless network. Other people cannot use your wireless network without knowing the key, and/or

Hide the of your wireless network from being broadcast. All devices attempting to connect to a specific wireless network must use the same SSID. Other people cannot use your wireless network without knowing the SSID name.

Tips on Configuring A Wireless Broadband Router at Home

How Do I Select My Wireless Network Mode?

In general, a wireless network can be operated using three different topologies; infrastructure mode, ad-hoc mode and bridging mode. When a wireless network operates in ad-hoc mode, client stations are connected directly and no access point is required. Using this mode, a potential attacker can gain access to a client station easily if the client station is improperly configured. Unless there is a specific business need, the ad-hoc mode should be disabled on wireless devices.

How Do I Locate My Wireless Broadband Router Securely?

Avoid placing the router against an outside wall or window, or against a common wall with an adjacent home to ensure that the signal does not extend beyond the required area.

To ensure that unauthorised people cannot tamper with your router, try to place it in a physically secure location.

Some routers allow you to reduce the output power of the device. To minimise leakage outside the coverage area the wireless network is meant to service, turn down the broadcast power, if possible. This is one way to prevent too strong a signal from extending beyond the desired wireless broadcast area and being accessible to the "outside" world.

How Can I Configure My Wireless Broadband Router Securely?

User name and Password
Change the default user name and password because they are often easily cracked by attackers. Some manufacturers might not allow you to change the username, but at least the password should be changed.

Broadcast Network Name (SSID)
Disable SSID broadcasting or increase the "Beacon Interval" to the maximum.

Wireless Network Name or SSID
Change the default SSID. The new SSID should not be named to reflect your name or other personal information, otherwise the information could aid an attacker in collecting reconnaissance data about you.

Encryption (WEP/WPA/WPA2/WPA3)
Whenever possible, WEP and WPA should be avoided. Instead, use WPA2 or WPA3 if it is supported on the device.

Authentication Type (Open Authentication or Shared Key Authentication)
The shared key mechanism should never be used. Instead, a stronger mutual authentication as defined in the 802.11i standard should be considered.

MAC Address Filtering
Enabling MAC address filtering is recommended as another layer of protection.

Dynamic Host Configuration Protocol (DHCP)
Disabling the DHCP feature, if possible, is recommended, as DHCP makes it easier for malicious attackers to access a wireless network.

Click here to learn more about wireless network security.