We are going to know about the “Advance Methods to Secure Your Home Wi-Fi Network” but before that, we must know the beginner methods. Do not overlook those methods just because of the name beginner because those methods are basic but crucial.
We assume that you have already checked the basic methods and you already know about Passwords, Encryption, Hidden SSID, Firmware, and how hackers hack the home network which we were already discussed in the previous blog.
We need you to focus here because, in this blog, we need a part of your technical skills to prevent our home network from hackers.
Remote Management – Should be Turned Off
We already know that when we connect our device to the Wi-Fi router then we can access the console of the router to manage the same.
But if we are not at home and want to access the router then what?
We can enable the Remote management to access the router over the internet and we should not remind you about the internet and how many hackers are trying to hack the networks over the internet. There is no need to access the router via WAN (Wide Area Network), you must disable this feature to secure your network.
If this feature remains to enable, then you are opening a door for those who are interested in your data and privacy. If you can access the router from any location so can anyone else.
WPS (Wi-Fi Protected Setup) – Convenient but Vulnerable
We always prefer an easy method but, in this case, it may lead to a major vulnerability.
Wi-Fi Protected Setup (WPS) gives a very convenient method to connect the new devices.
WPS provides 2 methods, which are as follows:
- WPS button
- WPS Passcode
WPS button: You will find a WPS button either on the front or backside of the router. It totally depends on the vendor or models. You need to press the button and then it will send a signal. From your devices, you can connect to the Wi-Fi router by bypassing the authentication.
From this method, you don’t need to enter the wireless password.
- For example: Nowadays, WPS setup Wi-Fi extenders are available in the market. You should use a LAN connection instead of WPS.
WPS Passcode: In this method, you must enter a numeric code to connect with the router and enter the network. WPS provides the connectivity for your home smart devices in such a way that if you changed your wireless password then they will remain present in your network.
Maybe you are thinking that these are the good things for your home network, but it also gives you security weakness. Even the “WPS passcode” method is easy to crack. Anyone or an unauthorized person can connect to your network.
So, please completely turn off the WPS because it is a serious vulnerability for your network security.
Assign Static Addresses – Technical but Crucial
As we already told you in the beginning that we need a part of your technical skills, here we need it to implement this method.
As you know that, all the devices in the network have an address, which is an IP address, and it must be unique in the network because this is the identity of the device. A router uses private IPs for your private network and as well as a unique public IP for the internet.
By default, a router uses DHCP (Dynamic Host Configuration Protocol) to allocate a unique IP address to each device on the network. Hackers can play with DHCP to assign an IP address to their devices, and it will be difficult for you to identify them.
If you check your Wi-Fi router’s LAN settings, then you will find the configuration of DHCP. It may vary from vendor to vendor and in different models. You must disable the DHCP server from the router and it will stop assigning the IP addresses to the devices.
After this configuration, you will see that all the devices in your network will disconnect from the network. Now, here is a tricky step, you need to enter the IP details in all the devices, which you want to connect with the router. I am providing a sample of the details and to configure the correct information as per your router, you need to confirm the router’s private IP address. By default, a router is using the Subnet mask 255.255.255.0 and its local IP for Gateway and DNS for clients (Your devices).
IP configuration details sample
- IPv4 address – 192.168.1.2 {(unique IP per device) IP range 1 – 255}
- Subnet Mask – 255.255.255.0 (Subnet Mask)
- Gateway – 192.168.1.1 (Your Router’s IP Address)
- Primary DNS – 8.8.8.8 (Google DNS Server)
- Secondary DNS – 192.168.1.1 (Your Router’s IP Address)
IP Details Configuration in Desktop/Laptop –
- Press Windows key + R – To open Runbox
- Type ncpa.cpl
- Right Click on Wireless Adapter
- Click on Properties
- Go into the Internet Protocol Version 4 (TCP/IPv4)
Configure the IP details
IP Details Configuration in Mobile Devices –
- Go to Settings
- Go to Wi-Fi options
- Scan for Wireless or if it is hidden then Click on Advance
- Go into your Wi-Fi name settings
- Click on Advance
- Configure IP details
MAC Address Filtering – Strong Layer of Security
As we told you about IP address, which is unique in private and public networks. We have another address in our machines, which is unique in the world. From that, your device can identify as a unique device, which is called MAC (Media Access Control) address. It is a physical/hardware address of a Network Card. It is made up of 12 digits, every 2 hexadecimal digits are separated by a colon (:).
For example: – 80:91:33:E0:9B:C7
It is one of the best securities is present in your Wi-Fi router because MAC address filtering gives you a strong layer of security as well as it will resolve your multiple problems.
The use of this method is you have to add the MAC address of the devices into the Wi-Fi router and then only registered devices can connect to the network. If non-registered devices try to connect with the router, then they are not allowed, even they have the password of your wireless SSID.
When my neighbors ask me for a password then I will give them with no doubt for temporary access, but I am also using MAC address filtering so, they were not able to connect their devices with my router.
Kids are loyal and naive so they can also tell the password to anyone, from this method, you can prevent your network from unauthorized access.
We recommend you use MAC Address Filtering in your network.
As promised in the previous blog, we shared the advanced methods to secure our home Wi-Fi network. If you are a technical person then it was easy for you and if not then, you learned some technical stuff, which is good for your knowledge.
We learned about IP addresses and MAC addresses and how to configure and use them to secure the network.
Zindagi Technologies provides you a strong and secure network with all the configurations handy or support. We offer you complete services from plan, design to implementation for your home and corporate network. Please feel free to reach out to us or call us at +91 9773973971.
Author
Jagjeet Singh
Senior Network Security Consultant
