How to secure your wireless home network

Here are 5 quick steps to help you secure your wireless network from unauthorized access. These steps are provided as general guidelines – for detailed help, please contact your hardware vendor. See the bottom of this page for links to some common wireless networking vendors.

1. Download the latest firmware for your device.
2. Change the administrator password.
3. Change your SSID and turn off SSID Broadcasting
4. Enable WPA
5. Limit access by MAC addresses

1. Download the latest firmware for your wireless router.

Firmware is software that’s embedded in a hardware device – in this case, your wireless router. The firmware that comes with your wireless router or wireless access point may be out of date. Download the latest firmware to ensure the best security and performance.

As security vulnerabilities are discovered, patches to stop them are developed. These patches are often included in firmware updates. If you’re using the default firmware that came with your wireless router, there could be several known security holes that could allow someone to hijack your Internet connection, view the files on each of your networked computers and even steal passwords or credit card numbers.

Most of today’s wireless routers allow for firmware updates, and the process is quite simple. Check the web site for your wireless device manufacturer for instructions on obtaining the latest firmware and how to install it. The Linksys support site can be found here and the Netgear support site can be found here. Additional hardware vendor support sites can be found at the bottom of this page.

2. Change the administrator password

Your wireless router’s default password should be changed immediately. All wireless routers are shipped with the same administrator user name and password. Changing the user name and password is not only the most important change, it is the easiest. In your wireless router’s configuration page, look for a link or setting titled “Admin.” If you have any trouble changing this setting, check your wireless router’s user guide.

3. Change your SSID and turn of SSID Broadcasting

Your wireless router comes with a default SSID (Wireless network name), and one of the first things you should do is change that SSID. By having a non-default SSID, you’re making it harder for unauthorized connections to your network.

By allowing your SSID to broadcast, you make it easy to add additional devices to your wireless network. However, you also make it easy for anyone with a wireless device to gain access to your network. Leaving broadcasting on is a bit like leaving your car keys in the ignition while you run into the store – you’re asking for trouble.

When you turn SSID broadcasting off, your wireless devices will have to be configured with the exact SSID that you have specified in your wireless router.

4. Enable WPA
Most new wireless cards and routers support WPA or WPA2 wireless security. Go with the one that you’re sure all of your hardware supports. WEP is no longer considered a safe way to secure your data.

5. Limit access by MAC addresses

Every network card, both wired and wireless, has a unique address assigned to it from the manufacturer. This identifier is called a MAC address. By setting your wireless router to only allow connections from specific MAC addresses, you’re greatly improving the security of your wireless network. For help figuring out what your network card’s MAC address is, please see this FAQ. Once you know each of the MAC addresses for your network cards, check the support Web site of your wireless router manufacturer for instructions on using MAC address security.

Common Wireless Networking Hardware Vendors

Linksys Support
Netgear Support
Microsoft Support
D-Link Support
Motorola Support
Apple (AirPort) Support

{ 4 comments… add one }
  • Roberto August 7, 2007, 9:59 am

    when your computer says “limited or not conectivity” but you have a gateway? and i looking in controlpanel/network and internet conections/network conections but the wireless conection its not there? how can i create if not apper the create a new conection wizard?

  • Some Guy July 22, 2009, 9:35 am

    Several of these recommendations are actually not very helpful, disabling SSID broadcast will only deter the curious and lazy, network scanners such as aircrack-ng or netstumbler will still see the BSSID and, if they catch a client re-authenticating(which can be easily arranged by sending a victim client a de-auth packet to force re-authentication), can recover the SSID as well. MAC addresses can also be monitored and spoofed, again offering no real security against an actual attack. At best, these recommendations will deter a lazy opportunist. Using the latest firmware, a strong admin password, and WPA2 (WPA1 has been cracked previously) are all good ideas and should be followed by everyone though.

Leave a Comment