How to safely configure my WLAN at home?
Wireless LANs can be both targets and weapons as far as hackers are concerned. A poorly secured WLAN can be exploited into gaining access to a computer, as well as a rogue access point can pose as a legitimate/trusted one and trick users into associating with it, providing hackers with a means to manipulating data. More so, hackers will be able to use your Internet connection for illegal purposes – and leave the responsibility for their acts to you, as the owner of the connection.
To establish a wireless Internet connection at home, you need an operating system that supports wireless networking, a broadband Internet connection, a wireless router, a DSL modem, or a cable modem with built-in wireless networking support, a computer with built-in wireless networking support or a wireless network adapter and the router’s set-up instructions.
Carefully read the user manual and instructions hen setting up the wireless connection. WLANs are more vulnerable if not properly set up.
Use your browser to connect your router to the Gateway IP address. See https://wiki.amahi.org/index.php/Find_Your_Gateway_IP to learn how to find the Gateway IP address on your computer and then manually input the IP address into the search bar of your browser to connect.
Enable encryption and do not mix encryption standards. Make sure you use the latest/highest encryption standard available for your computer. Keep in mind that the WEP and WPA encryption standards are older and far less secure than WPA2/WPA3. Avoid using shared key authentication. Keep in mind that no security method or encryption is 100% fool proof so always use additional security measures when accessing the Internet. You can also use a network monitoring software in order to survey the network activity of your computer and identify out of place actions or behaviours.
Use a strong router password. This is the password giving access to the router’s configuration, prohibiting anyone but you to make changes to the router’s settings (including security settings), so make it impossible to be guessed (not “1234”, “ABC000”). Instead, use a long string of both lower and upper case letters, numbers, and special characters (if the router supports them). The stronger the password, the higher the security. A weak password is easy to crack even on higher encryption standards as WPA2 or WPA3 using dictionary attacks or precomputed tables.
Use a properly configured firewall. Software based firewalls are widely recommended for single computers, while hardware firewalls are typically provided with routers for networks. Some operating systems provide native software firewalls (such as Windows OS). For Microsoft Windows home users we recommend to use the firewall in its default settings.
Use a custom SSID (Service Set Identifier, or network name) when configuring wireless settings. To do so, manually change the default name of the SSID into something unique. A default SSID indicates to hackers that the WLAN was set up by a novice and is therefore easy prey. Additionally, change the router’s factory preset details into your own, for the same reason above. Leaving router’s default names and settings on practically screams “come in” to potential hackers.
Beware the shortcomings of SSID cloaking. While some may think hiding the SSID is a good idea, it actually can backfire as a helping hand for hackers. The SSID Broadcast feature on your router can be enabled or disabled. When disabled, it makes your network invisible to users near you, but a skilled hacker can still sniff your SSID. The downside of disabling SSID Broadcast is that anyone can impersonate your router.
Enable MAC Address filtering. Every wireless networking card comes with a unique code, the MAC Address (short for Media Access Control Address). Mac address filtering only allows devices with a known MAC Address to connect to your network. However, MAC Address filtering is not a replacement for other security measures (such as WPA2/WPA3 and others) because hackers can clone MAC Addresses. Instead, it should be viewed as an additional means of protection/safety.
Disable remote login. Remote login is an easy way in for worms and other malware. Most routers have it disabled by default, but make sure it is disabled when setting up the WLAN and also periodically check from then on.