WIFI Best Practices To-Do list for home users
1. Change Default Administrator Passwords (and Usernames)
All default logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately. Change the default password of your WiFi router with a stronger password (at least 12 characters and a mix of alphanumeric characters). Read this post on picking a crack-resistant password.
2. Turn on WPA2 Encryption Do not Use WEP
Use WiFi Protected Access (WPA) or WPA2 to secure WiFi communication between your laptop and
home WiFi router. Select WPA-PSK or WPA2-PSK (also often termed as WPA-Personal and WPA2-Personal). Use a strong passphrase that is at least 12 characters long and is a mix of alphanumeric
and special characters.
3. Change the Default SSID
Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. The SSID for Linksys devices is normally "linksys." Change the default SSID immediately when configuring wireless security on your network. (Best practice is to disable SSID broadcast if you have WPS).
The SSID is your network name, and your wireless cards use this like a login name to connect to your network. That's why it's so important to change it from the default value. Resist the urge to name it after yourself or anything personally identifiable -- this just makes it easier for a hacker to find or guess a targeted network's name, and you just provided the casual hacker with your name.
4. Turn off Guest Networks
Guest networks come with most wireless routers and can be used to share your Internet connection with guests while keeping the files and devices on your network private. Passwords for guest networks are generally configured with default passwords that are easily found online or no security at all. Turn off your guest networks when they are not in use.
5. Disable WPS
The only certain way to protect your Wi-Fi network from WPS cracking is to disable WPS entirely. On some wireless routers even when you turn off WPS on the menu they still keep broadcasting. So WPS depends on SSID broadcasting. (For best security: Disable SSID broadcasting), your network will no longer show up as an available network — but it also prevents WPS from working, which in turn prevents WPS cracking. This means you need to tell each device the name of your wireless SSID.
6. Disable Universal Plug 'n' Play (UPnP) on your router unless you absolutely need it.
UPnP is used for some devices like the Xbox game system. If you don't have a UPnP device, then make sure it's disabled. Otherwise, it's another potential security hole for your network.
7. Disable remote administration
Many wireless networking routers offer the ability to allow administration of the router remotely, from anywhere on the Internet. Unless you require remote administration and are very familiar with WLAN administration and security, it's a good idea to disable this feature. Otherwise, anyone connected to the Internet could conceivably gain administrative access to your router and network.
8. Enable Firewalls On Each Computer and the Router
Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.
9. Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
10. Use MAC Filtering (Optional)
A MAC address is a hardware address given to a device. When you use MAC filtering, you can choose what devices connect to your network by listing the MAC address of each device. Then, all unlisted devices will be blocked. If you have multiple wireless devices, setting up MAC filtering can be difficult and is easily discovered by hacker but adds another layer. Only recommended in specific cases.