Top tips to secure your Wi-Fi network
While Wi-Fi has made it easier and more convenient to connect to a network, the fact that the signal is broadcast so far and wide makes the technology a more significant security risk. Fortunately, the best routers give you the tools to lock down access, making your network more secure for regular users and guests alike. Here, we've rounded up the five best ways to secure your Wi-Fi network.
Tighten Wi-Fi security
To secure your Wi-Fi network, you need to make sure that its settings give you the best protection. You’ll find all the settings you need in your router’s configuration page, which is typically accessed through a web browser. First, head over to the administration section (Advanced Settings, Administration, System on the Asus BRT-AC828 router, for example). Change the router login password if you’ve not already done so, and disable Web Access from WAN (also referred to as remote or internet access).
Next, locate the Wi-Fi encryption and password settings (General, Network Map on the BRT-AC828) and make sure authentication is set to WPA2.
If you're concerned about the recent KRACK vulnerability, which let hackers connect to any wireless network, you should see if your router manufacturer has released firmware updates or explanatory notes where applicable; Asus has patched all of its routers for KRACK.
Make sure a strong network password has been set: a combination of letters, numbers and symbols, and the more random, the better. Distribute it securely, or have your IT staff connect all devices on behalf of your staff so they don’t know what it is. Try to change the password on a regular basis, at least every few months or so.
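One way to follow the "letters, numbers and symbols, the more random the better" advice, added here as an example and not taken from the article or from any router vendor: it draws a passphrase from the operating system's secure random source and checks any candidate against WPA2's limit of 8 to 63 printable ASCII characters. The function names and the symbol set are assumptions chosen for illustration.

```python
import math
import secrets
import string

# WPA2-Personal accepts a passphrase of 8 to 63 printable ASCII characters.
MIN_LEN, MAX_LEN = 8, 63
# Constructed choice: symbols that are easy to type on phones and laptops.
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = (string.ascii_letters, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_passphrase(length=20):
    """Return a random passphrase with at least one letter, digit and symbol."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy for a uniformly random passphrase."""
    return length * math.log2(alphabet_size)


def check_passphrase(passphrase):
    """Return a list of problems; an empty list means the passphrase passes."""
    problems = []
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        problems.append("length outside 8-63")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("non-printable or non-ASCII character")
    if not any(ch.isalpha() for ch in passphrase):
        problems.append("no letter")
    if not any(ch.isdigit() for ch in passphrase):
        problems.append("no digit")
    if not any(ch in string.punctuation for ch in passphrase):
        problems.append("no symbol")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase(20)
    print(phrase, f"(~{entropy_bits(20):.0f} bits)")
    print(check_passphrase("password"))  # constructed weak example
```

Length contributes more than character variety: each extra character from this 75-character alphabet adds a little over 6 bits.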
Dealing with guests
If you need to give visitors, freelancers or other outsiders access to your network when on your premises, enable the guest network and direct them to this. Again, make sure it’s WPA2-encrypted with a strong password, but be sure to limit its access – the BRT-AC828 allows you to isolate it completely from your internal network or limit it to a VLAN, for example, plus set a maximum number of guests and even limit access by time (hours and minutes).
Segment your network
VLANs are a good idea in general. By segmenting your network into separate virtual networks, you can isolate different departments or parts of your business from each other without incurring the cost of installing separate physical networks. Our guide to using VLANs to isolate your network covers the subject in more depth.
Use your router's firewall
Also take the time to set up and configure your router’s firewall, which can be used to filter internet traffic in both directions, including your staff’s use of the connection. A good router should provide web content filters for blocking unsuitable websites as well as port filtering, blocking access to non-standard or risky services such as BitTorrent. Also look for a DDoS switch if it exists. Enabling this can add another layer of protection by helping to block speculative efforts to hack into your network from the internet.
Extra security
If you want to lock down and really secure your Wi-Fi network, use MAC filtering, which allows you to limit network access to devices based on their unique hardware MAC address. While these addresses can be spoofed, the effort required is another hurdle for attackers to overcome. If your network is small, also consider disabling DHCP – each device must manually supply its own IP address to connect to the network, another barrier to dissuade all but the most determined drive-by hackers.
One final thing: make sure all your devices – not just your router – are regularly updated with the latest OS and software updates, which include security patches to protect against the latest exploits.
