Back to the home page
Are you visiting this website with Chrome or Chromium? Then you might see an unjustified warning.
Secure your wireless network (wifi)
A wireless network is of course less secure than a wired network. Yet you can elevate the security of your wireless network to a good level.
There are a couple of myths about securing a wireless network. At first, I'll disprove (convincingly, I hope) the four most common myths. Then I'll name 11 security measures that are effective.
To begin with, it's technically impossible to stop the SSID broadcast entirely. Because there are at least four(!) other ways in which a router still discloses a "hidden" SSID to the world.
Together with many data packages that the router sends, it still sends the SSID. Not encrypted. Easily receivable by everyone who's in the neighbourhood. The SSID is therefore still being broadcast, even when you've "hidden" the SSID in the configuration of the router!
With common network scanners, like Kismet, it takes only several seconds before a hacker picks up a "hidden" SSID.
Hiding the SSID even creates an extra risk(!): when you've disabled broadcasting of the SSID in the network router, the connected computers have to disclose their presence continually. So they spread the SSID everywhere they go. Your laptops will therefore, everywhere you turn them on, start shouting (at short intervals): "hey, is there a network around named XYZ?".
That makes your laptops an easy target. An attacker can set up an access point with the SSID of your network, so that your laptop will connect with it automatically, without asking for permission. The attacker then can monitor all of your network traffic and maybe even access the hard disk of your laptop.
With a MAC address filter you only make things more difficult for yourself. For example when you want to access the internet with another (new?) computer. Or when you've a visitor whom you want to grant the possibility to use his own laptop, to access your internet connection.
DHCP automatically distributes IP addresses. Disabling this is useless. An attacker can almost immediately see the IP scheme of the network and grant himself a valid IP address.
(continued in the column on the right)
This website is being sponsored by Google Ads.
Are you using an ad blocker? Then you're also blocking my earnings from advertisements....
If you wish to support my website, you can configure your ad blocker to make an exception for this website. Thanks in advance....
In the configuration settings of some routers, you can even restrict access to the configuration of the router, to wired connections. Thereby excluding wireless access to the configuration. Unfortunately, not every router offers this option. But when your router does, apply this restriction.
Myth 1 in the column on the left.
John's network, but JohnsNetwork.
For clarification: "AES only" is best, but TKIP is not bad. WPA with TKIP is still reasonably safe.
Note the possible effect this may have on certain online games: sometimes you have to open a certain port in the firewall for those.
admin" or something like that). Change this in a password of your own making. Don't use spaces!
The solution to both problems is, to assume that there already is an attacker that has complete access to your network traffic, and network access to your laptop. Send only encrypted information: always use https (whenever possible). Keep Ubuntu updated. Enable the firewall (in the terminal: sudo ufw enable) and check SSL certificates of websites.
However, as could of course be expected from a feature like this (sigh...), WPS poses a massive security risk. With a simple brute-force attack, a remote attacker can recover the WPS PIN code in less than an hour, thus exposing the WPA/WPA2 pre-shared key of the wireless network.
The only solution is: disable WPS in your router straightaway. Some routers don't have the option to disable WPS; in that case, buy a new router that does. Buy it today.
Has WPS been enabled on your router? Then change the WPA/WPA2 key right after disabling WPS. Your network may have been hacked already...
a. Amplify the wireless signal of your router
b. Apply a second router in your home
c. Reduce electromagnetic radiation of computing devices
d. Install Tomato on your router
e. Put DD-WRT on your router
f. Replace Windows XP by an easy free Linux before April 8, 2014
To the content of this website applies a Creative Commons license.