Fortifying the Beacon
Ten ways to defend your network against intrusion.
Imagine placing a filing cabinet filled with your valuables on your front lawn. How long would those items be safe? No matter where you live, odds are your personal items wouldn’t be very safe.
Now imagine you have a home network, with WiFi that is unsecured and a router password that is still the default. Most people don’t give their home network much thought, and with WiFi being so common, fast and convenient, it’s worth spending some time going over your network to make sure you aren’t just putting your precious files out in your digital front yard.
In no particular order, here are ten separate ways to protect your network against intrusion.
Change Your Router’s Default Username/Password
All networks have a router, and all routers can be configured. To configure a router, you must log in to the router with a username and a password, and all routers will come with a default username and password. Anyone who connects to your WiFi or network, can try to log into your router. If they guess your default password, or are in the house and can look at the default password on a sticker on the router, they now have quite a lot of access to configure your network. They could remove any device from the network they want, change the password to the WiFi, slow the network down, disconnect your network from the internet and other malicious things.
You can prevent this by simply changing the default password to something else. To do this, you need to find your router’s IP address. You can do this in Windows with these steps:
Open a Command Prompt window by clicking the magnifying glass by the Start button and searching for
In the Command Prompt window, type
There may be a few entries that come up, but look for
Default Gatewayunder the network interface (ie. WiFi or Ethernet) you are using. It’s a series of numbers punctuated by periods that will look something like 192.168.1.1, 192.168.0.1, 192.168.0.100, or 10.0.0.1.
Open a web browser and type this Gateway IP address into the address bar.
You’ll be presented with your router’s login page. Enter in the default credentials. You can find this out by checking your router’s user manual, checking the labels on the router or by googling the
default passwordwith your router’s make and model. See, I told you you’d want to change it.
Once logged in, follow your router’s manual to change the default password. Each router will be a little different, but it’s usually under a
Once changed, make sure your router saves this new password and then logout.
And on Mac:
Command + Spaceto open up the Terminal.
Issue the following command:
route get default | grep gateway. The relevant information returned should look like the following:
Don’t Include Personal Information in Your WiFi SSID
Your WiFi SSID (its Service Set Identifier, or its name) can often be overlooked. Most routers come with a default WiFi name, but some people will log into their routers and change the name. It’s fun to pull out your laptop and see what fun WiFi names are in your neighborhood like “Copa Cabana,” “Drop It Like It’s Hotspot,” “Stark Industries,””Mom Click Here” or “FBI Van,” to name a few, but be careful what you name your WiFi. It can be tempting to add your family’s name, your address, street name or other such information that could help an intruder identify they have the correct network.
Encrypt Your WiFi With the Latest Encryption Scheme
One of the best things you could do is make sure your WiFi is encrypted. Most modern routers these days are already encrypting the WiFi they are broadcasting. It’s a good idea to make sure this is the case. If you have to type in a password the first time to connect to your WiFi, then chances are it’s encrypted. You can verify this by:
Clicking on your WiFi icon in the lower right of your screen.
Look for your WiFi network and look for a little white padlock. If the icon has a lock, your WiFi is encrypted.
You could also look for the words
Connected, securedunder the WiFi name.
If your home WiFi isn’t encrypted, you can login to your router (see item number 9 on this list), find the WiFi security section in your router (see its manual) and select the desired encryption. Make sure your router at least supports WPA2, WPA3 is even better. If your router doesn’t have WPA2, it should be upgraded. No seriously, upgrade it.
Make Sure Your Router is Up-to-Date and Isn’t Too Old
Going along with number eight, you’ll want to make sure you aren’t using hardware that’s too old. If you are renting your router from your ISP, give them a call and make sure you have the latest model. Newer routers support better encryption and generally will have better security features.
You can take it a step further and purchase your own router. Your own router will give you more options and far more control of your network, including its security. Of course, this comes with a bit of a learning curve, but if you’re nerdy, get your own!
Be Mindful of What is Shared on Your Network
If someone does manage to get onto your WiFi, or into your network, generally there are only so many things they could easily get to. Most Windows PCs will have a shared folder, and anything you put in that folder will be, you guessed it, shared. If you do share files on your network, make sure you know what folders are being shared, and what files are in there. By default, anyone on your network has access to these files. If you want to get super nerdy, you could set up specific permissions for certain folders or files, but that goes beyond the scope of this article.
Use the Guest Network
There is no need to give your WiFi password to anyone you don’t want to. If your mother in law stays for a few days, set up your Guest WiFi network and give her access to that instead. Your Guest WiFi network will give your guests access to the internet and that’s usually it. They wouldn’t get the same access they would get if they had connected to your main WiFi. You can login to your router and setup up the Guest WiFI by following the router’s manual. Keep in mind, not all router’s support this, but if your router is nice and isn’t too old, it should.
Use the Right Amount of WiFi For Your House
If your house is small, or you live in an apartment, you wouldn’t want to buy a router with a huge broadcast distance. Cover only the area you need to cover. Make that person in the stripped jumpsuit get really close to connect to your WiFi.
Keep Tabs on What is on Your Network
Most routers will show you what devices are connected. Log into your router (see the first step) and check for a section labeled something like “Connected Devices” or “Clients.” Some devices connected will have a name and some will not. It can be a bit tricky trying to find out which are, but if you are resourceful and keep on top of things when you add them, you can have a pretty good list. These are some things I find helpful to identify devices on my network:
Look for a name. Some devices will give the router a name, making it easy
Some devices will be vague, as an example, some Android devices will only say, “Android-183hsjk373949252.”
Next I look up the IP address on the device and find that IP on the router’s list. This can be done by clicking on the device for more details.
You can also Google the first six digits of the MAC address. That will usually tell you the manufacturer of the device or the network card at least.
As a last ditch effort, I will block the device in the router’s settings and see which device loses internet or connectivity.
Wire What You Can
If you haven’t noticed, the easiest way for those intruders to get into your network is through WiFi. If you can wire all your devices with an Ethernet cable and don’t even need WiFi, then you could disable it by logging into your router and turning it off. This obviously isn’t going to be practical for most, but if you can, more power to you.
Totally Hide Your WiFi
Security through obscurity is my last tip. You can still have your sweet WiFi goodness, but tell the router not to broadcast its name and presence. Like most things on this list, this can be done by logging into your router and changing the setting. Check your router’s manual for instructions. Once this is done, to connect, you only need to perform a few extra steps:
Click on your WiFi icon in the lower right.
Scroll to the bottom and select
Type in the name and password for your hidden network.
My goal isn’t to scare, but to inform. Most hackers trying to get into systems that they shouldn’t be in focus on what is easy. Implementing these steps will ensure you won’t be worth their time, and you can rest a little easier knowing your digital filing cabinet isn’t sitting out in your front yard.