Protecting Your Internet Network
Lock down your Wi-Fi network and find devices that are stealing your bandwidth – and, potentially, your data
1. Change the admin password
If you want to know what your wireless network is up to, you'll need to roll up your sleeves and head straight for the admin gateway of your router. Providers usually default to 192.168.1.254, 192.168.0.1 or 192.168.1.1.
Default login settings should only be used to get up and running out of the box, after which you should change the password to something long and complex, and change the username if your router allows it. Long and random is great passkey advice, which is almost always ignored on the basis that people want to join the Wi-Fi network without any hassle. Ask yourself this: how often does any user actually have to enter the Wi-Fi password manually? The answer is usually hardly ever after the initial setup. A key that's over 20 characters long, with a randomly generated mix of upper- and lower-case letters, numbers and special characters, is your best bet.
2. Don't broadcast your router details
While you're in your router settings, you should change your service set identifier (SSID). This is the name of your network that the outside world sees; it commonly defaults to the router manufacturer's name. In light of how easy it is to find admin logins online, it's best not to make the hacker's life any easier than it already is. A determined hacker isn't going to be prevented from detecting and accessing your network simply because there's no SSID being broadcast, but using a random name rather than the factory default makes sense.
3. Disable Wi-Fi Protected Setup (WPS)
Wi-Fi Protected Setup (WPS) uses the press of a button, or entry of a PIN, to establish an encrypted connection between a device that supports it and your network. Advising users to disable WPS may appear counter-intuitive, but it's broken. It makes use of what appears to be an eight-digit PIN code – but looks can be deceiving. The last number is always a check digit, so already the PIN is reduced to seven numbers, which makes brute-forcing much easier, as does the fact that most routers don't include a cooling-off timeout between WPS guesses. Here comes the stinger, though: as far as validation is concerned, the first four digits are seen as a single sequence, as are the final three. That means the possible number of combos just shrank from over ten million to around 11,000. No wonder pen-testing tools can brute-force WPS in a matter of seconds.
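To put numbers on the advice in steps 1 and 3, here is an added example (not part of the original article) that generates a key of the kind recommended in step 1 and compares its strength with the WPS PIN keyspace reasoned through above. The special-character set and the 24-character default are assumptions; adjust them to what your router accepts.

```python
import math
import secrets
import string

# Assumption: a conservative set of special characters; some router
# admin pages reject others, so adjust to what your model accepts.
SPECIALS = "!#$%&*+-=?@^_"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SPECIALS]
ALPHABET = "".join(CLASSES)


def generate_passphrase(length=24):
    """Return a random key with at least one character from every class."""
    if length <= 20:
        raise ValueError("the article recommends more than 20 characters")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def passphrase_bits(length=24):
    """Upper bound on entropy; the per-class requirement removes a tiny share."""
    return length * math.log2(len(ALPHABET))


def wps_keyspace():
    """Candidate PIN counts at each step of the reasoning in step 3."""
    raw = 10 ** 8                # eight decimal digits taken at face value
    after_check = 10 ** 7        # last digit is a check digit, so seven are free
    split = 10 ** 4 + 10 ** 3    # first four validated alone, then the final three
    return {"raw": raw, "after_check_digit": after_check, "split_validation": split}


def wps_bits():
    """Effective strength of the WPS PIN in bits."""
    return math.log2(wps_keyspace()["split_validation"])


if __name__ == "__main__":
    print("example key:", generate_passphrase())
    print(f"passphrase: ~{passphrase_bits():.0f} bits")
    for step, count in wps_keyspace().items():
        print(f"WPS {step}: {count:,} candidates")
    print(f"WPS PIN: ~{wps_bits():.1f} bits")
```

With WPS left enabled, the network is only as strong as the smaller of the two figures, however long the Wi-Fi key is.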
4. Update your firmware
Broadband Genie shows that only 14% of broadband users update their router firmware – and, to be honest, we're surprised it's that high. If you're one of the 86% who does not, do it today. Updating your router firmware boosts your security at no cost and in very little time, yet it's a step that most home and small-business users fail to take.
5. Try a different DNS server
Just as you can install an alternative to the firmware that runs your router, you can choose a different Domain Name System (DNS) server instead of the ISP default. There may come a time when the DNS servers used by your ISP come under attack: by a distributed denial-of-service (DDoS) attack, for example, or by someone changing the DNS to effect a cloned banking fraud. The bigger ISPs are a target for this since the consequences of hacking their DNS servers would be enormous.
We've seen the DNS servers of the larger providers suffer downtime, so having a backup and knowing how to flick the switch is useful. The most common choice will be the Google Public DNS server (on 8.8.8.8 and 8.8.4.4 for the IPv4 service) or OpenDNS (on 208.67.220.220 and 208.67.222.222). There's a setup guide at pcpro.link/271dns, which details changing your DNS for home routers, laptops, smartphones and servers.
Essentially, though, open your router admin panel and look for the Domain Name Server addresses configuration page; input a primary and secondary DNS IP. Some routers will have a third server option, and for OpenDNS, this would be 208.67.222.220. And that's it, other than to test it's working by hitting the Test button on the OpenDNS guide pages.
Certain providers prevent you from adjusting the DNS server addresses in their own-brand routers, but you can still set individual computers to seek alternate servers.