In-depth

Secure your Wi-Fi against hackers in 10 steps

Lock down your Wi-Fi network and find devices that are stealing your bandwidth – and, potentially, your data

The days of worrying about your data allowance are largely a thing of the past, courtesy of faster broadband speeds and generous tariffs. But that doesn't mean you should forget about who's using your Wi-Fi. Whether you're a home or small-business user, identifying who and what is on your network is as important as ever.

An unauthorised user could be streaming pirated movies, hogging your bandwidth and, potentially, landing you in a spot of legal bother. They could be indulging in more nefarious activity, maybe even trying to hack into your systems. This shouldn't come as any great surprise when research commissioned in 2018 by Broadband Genie showed 54% of British broadband users were concerned about someone hacking their router, yet only 19% had accessed the Wi-Fi router configuration controls, and a measly 17% had changed the admin password from the default.

Avast also scanned over 4.3 million routers at the time and found 48% had some sort of vulnerability. Thankfully, there are plenty of tools and tricks to identify who's on your connection and how to get rid of them.

1. Change the admin password

Login screen showing an admin user and a hidden password

If you want to know what your wireless network is up to, you'll need to roll up your sleeves and head straight for the admin gateway of your router: BT will usually default to 192.168.1.254; Sky users should try 192.168.0.1; and all TalkTalk routers have an internal IP of 192.168.1.1. If you've swapped out the supplied router for one of your own preference, Google is your friend.

Alternatively, you can head over to routerpasswords.com most makes and models are listed there, complete with login details. And if that doesn't convince you to change your router from the default settings, nothing will...

Related Resource

Securing a remote workforce with a zero-trust strategy

Why zero-trust is the latest foundational cyber security construct for the modern workplace

Download now

Default login settings should only be used to get up and running out of the box, after which you should change the password to something long and complex, and change the username if your router allows it. Long and random is great passkey advice, which is almost always ignored on the basis that people want to join the Wi-Fi network without any hassle. Well, duh! Ask yourself this: how often does any user actually have to enter the Wi-Fi password manually? Certainly within the home, and for many small-business scenarios, the answer is usually hardly ever after the initial setup.

A key that's over 20 characters long, with a randomly generated mix of upper and lower-case alpha-numericals, with special characters, is your best bet. LastPass' tool is excellent for producing randomly generated and secure passwords.

2. Don't broadcast your router details

A Wi-Fi router sat on a living room table

While you're in your router settings, you should change your service set identifier (SSID). This is the name of your network that the outside world sees; it commonly defaults to the router manufacturer's name. In light of how easy it is to find admin logins online, best not make the hackers life any easier than it already is. A determined hacker isn't going to be prevented from detecting and accessing your network simply because there's no SSID being broadcast, but using a random name rather than the factory default makes sense. Not least as it suggests the user is more security savvy than someone who is still broadcasting the router manufacturer.

3. Disable Wi-Fi-protected setup (WPS)

WPS button being pushed on a Wi-Fi extender

Either by entering a PIN number of simply pressing a button, Wi-Fi-Protected Setup (WPS) may establish encrypted ties between your network and a device that supports the protocol. Disabling this function may not seem like a great idea on paper, but the mechanism WPS relies on is fundamentally broken. 

WPS, on paper, makes use of an eight-digit passcode, although the eighth digit is always a check digit, so the PIN is reduced to seven numbers, which makes attacks such as brute-force attempts far easier. To make matters worse, most routers don't allow for a cooling off period between attempts to crack the WPS code. If that doesn't worry you enough, the first four digits of the PIN are normally always a sequence, as are the final three, meaning the grand total of possible combinations is just roughly 11,000 - having been reduced from ten million. As such, a number of simple pen-testing tools such as Reaver are able to brute-force WPS PIN codes in no time at all.

Our list continues on the next page with a handful of technical solutions for securing a Wi-Fi network

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022