Secure your Wi-Fi against hackers in 10 steps
Lock down your Wi-Fi network and find devices that are stealing your bandwidth – and, potentially, your data
6. Install alternative firmware
The more adventurous user may take the "update your firmware" message a step further and install totally new firmware from an alternative source. If you think of your router as being a mini-computer, it's akin to changing the OS on a laptop from the supplied Windows install to a Linux distro.
Why would you do this? To gain functionality missing from the original firmware, especially relating to security. And why wouldn't you? Your warranty will be invalidated, so it's best left to older routers. If you go ahead, you'll probably find yourself choosing between DD-WRT and Tomato, which is easier to use but at the cost of being less feature-rich.
7. Sniff out rogue devices
Now we've covered most of the major security precautions you could take, how might you discover who's actually using your Wi-Fi? You can do this from your router gateway, and it varies from router to router as to where the option will be.
With BT's Smart Hub, you should click on the My Devices tab, for example, whereas most Netgear routers will hide the attached devices list in a Maintenance menu. There are lots of tools out there to help you do the same, and they don't have to be as complex as something such as Nmap.
One of our favourites is Fing for Android or iOS. This app scans any IP range and shows what's connected and in plain English, where possible. So whereas the BT router will often only list a device's IP address, Fing usually spells out the device's manufacturer, making it easier to identify the dozens of devices we have connected these days.
If the numbers don't add up, it's a good idea to determine why. If you only have a laptop, a phone, an Android-powered TV set and a printer connected to your hub, why are there nine devices using your Wi-Fi? And how do you know how many people are using it and what those devices are?
See something you don't recognise and Fing will, at the touch of a button, reveal the information you need to block it from your router admin gateway. That you can do all of this from your smartphone, anywhere in the home or office, makes keeping tabs on who's using your Wi-Fi hassle-free.
8. Employ mac filtering
The information that Fing reveals when you want to block something from using your Wi-Fi is our old friend the Media Access Code (MAC), which every device connecting to a network is allocated. It's a 48-bit digital identifier used by the device to tag network packets, to be precise.
By default, your router will connect to anything that wants access, provided it has the correct password. If you want to prevent a device from connecting, even if the user has the correct password, that's where MAC filtering comes in.Once you have a MAC address code, you can use an online specialist site such as What's My IP or MAC Vendor Lookup (macvendorlookup.com) to identify any piece of connected kit that you don't recognise. Fing does the MAC lookup for you in the background and then automatically displays the device maker on-screen as part of its auditing process.
When you've identified the culprit, head to the "access control" section of your router controls, which is MAC filtering by another name. Here you can either block all new devices, so before anything can join the network you'd have to whitelist the device's MAC address, or block individual devices by blacklisting their MAC.
It isn't foolproof: most devices allow their MAC to be changed in software, so a determined hacker could clone a device that you whitelist and gain access. Ultimately, if you don't want someone to use your Wi-Fi, don't give them the password. If they're already using it, then change the password to something more complex.
9. Use a virtual private network
Whether you're using the original router firmware or have installed an alternative, there's a strong chance that virtual private networks (VPNs) will be supported. When people think of a VPN, they think of a third-party application that re-routes all their internet traffic through a proxy server at a cost. What's less commonly considered is operating your own VPN through your router.
This will give you the advantage of being able to securely access your home network, across an encrypted internet tunnel, when you're away. It gives you the same end-to-end encryption as a subscription service, so you can securely use that coffee shop or hotel Wi-Fi, but with no fees or bandwidth implications. You'll almost certainly need a Dynamic DNS (DDNS) service to resolve a domain name to your router as a home user, to get around the fact that most ISPs don't offer a static IP address for your router; the free-to-use No-IP is as good as any for this.
10. Set up a guest network
The trouble with passing out your Wi-Fi passkey to family and friends who visit is that, every time you do, it dilutes your security. Not only do they know your password, but they might also give it to someone else. You could change to a new password after every occasion, which is the most secure, if not the most convenient, solution. More conveniently, and pretty secure as well, is going the whole nine yards and setting up a guest network for visitors. If the concept of a properly secured guest network isn't supported by your router, all is not lost: simply buy a better router or change the firmware as mentioned earlier. The popular replacement router firmware Tomato supports a guest mode, and means you can provide users with a key that puts them online on a virtual network without exposing your own connected devices.
In This Article
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now