How to Protect Your Wi-Fi Network: Essential Tips for Home and Office

By Ava McKinneyOnline Safety

How to Protect Your Wi-Fi Network

Cybercriminals can connect to both open Wi-Fi networks and hack into closed, password-protected ones. There’s even a term for this—wardriving—which means searching for and hacking wireless networks for various purposes, from simply getting free internet access to stealing data transmitted over the compromised network. Your data can be at risk not only when connecting to public Wi-Fi, even if it’s password-protected, but also when using your own network!

The problem is that many users (maybe even you) set up a wireless access point at home or in the office but, out of ignorance or for other reasons, don’t enable encryption or don’t change the default password and network name. In the first case, the network is open and anyone can connect to it. While such private open networks are rare, public free networks are much more common. If the router owner hasn’t changed the default Wi-Fi password (and some manufacturers use the same default security key or password for all their devices), a hacker can easily guess it if they know the router’s brand and/or model. Default passwords are often listed in the router’s documentation or can be found online. Once inside your Wi-Fi network, an attacker can even gain root access to the router itself—especially if the default admin login and password haven’t been changed.

For example, if a wireless network named “dlink” is detected, it’s likely the user is using a D-Link access point, and one of the manufacturer’s standard passwords will probably work. However, it’s worth noting that many modern routers no longer allow the use of default Wi-Fi or root passwords, requiring users to set secure ones during setup.

Default Wi-Fi Passwords

Lists of default login credentials for various router models are available at tinyurl.com/mou58hz and tinyurl.com/pjop84w.

Often, you can access someone else’s network by trying one of the most common passwords. According to Kaspersky Lab research, 34% of users use simple passwords, with 17% using their birth date, 10% their phone number, 10% their name, and 9% their pet’s name. Other common passwords include: 123, 12345, 123456, 1234567, 1234567890, 0987654321, 7654321, 654321, 54321, 321, 753951, 11111, 55555, 77777, qwerty, pass, password, admin. In Russia, numeric sequences are especially popular, as shown by multiple analyses of website databases. Russian words typed in Latin layout are also used. A list of the most common passwords can be found here.

This list is provided so you can check your own network’s security—if your Wi-Fi password is on the list, or is similarly simple, it’s strongly recommended to change it immediately. For a strong password, use a mix of upper and lower case letters, numbers, and special characters. You can use password manager programs like KeePassX to generate and store secure passwords.

Additional Tips to Secure Your Wi-Fi Network

  • Don’t use WEP encryption. WEP (Wired Equivalent Privacy) is outdated and can be easily cracked by even inexperienced hackers. Instead, use WPA2 (Wi-Fi Protected Access), which provides strong user authentication using the 802.1x standard. If your devices or access point don’t support WPA2, update their firmware or consider purchasing new equipment.
  • Use a wireless intrusion prevention/detection system. Wi-Fi security isn’t just about blocking unauthorized access. Hackers can create fake access points or launch denial-of-service attacks. To detect and counter such threats, implement a wireless intrusion prevention system. These systems monitor the airwaves for rogue access points and malicious activity, block them when possible, and alert the system administrator.
  • Don’t rely on hiding your SSID. A common Wi-Fi security myth is that disabling SSID broadcast will “hide” your network from hackers. In reality, this only removes the SSID from beacon frames. The network name is still present in 802.11 association requests and sometimes in probe packets and responses. A network analyzer can quickly reveal a “hidden” SSID, especially in busy networks. Hiding your SSID can also slow down your network and make configuration more difficult, as you’ll need to manually enter the network name on each device.
  • Don’t rely on MAC address filtering. Another myth is that enabling MAC address filtering adds a strong layer of security. While it can prevent unauthorized devices from connecting, attackers can easily discover allowed MAC addresses by analyzing network traffic and spoof them on their own devices. MAC filtering can be used to limit which devices can connect, but don’t count on it for real security. Also, maintaining and updating the MAC address list can be cumbersome.
  • Reduce your Wi-Fi signal range. Routers allow you to adjust signal strength, increasing or decreasing the coverage area. If you only use Wi-Fi inside your apartment or office, lower the transmission power so the signal is only strong within your space. This makes your network less visible to outsiders and reduces interference with neighbors’ Wi-Fi.

Sources

Leave a Reply