Securing a Wi-Fi network is an essential step to limit the risk of malicious intrusion or hijacking of the Internet connection. Here are some good methods to implement.
An essential security measure
As we keep hearing, the risks associated with Wi-Fi connections are very real. Despite this, many consumers neglect the security of their wireless network and do not change, for example, the credentials provided by Internet service providers or router manufacturers. Contrary to popular belief, cracking a poorly secured Wi-Fi network is now within reach of almost anyone. A multitude of applications make it possible to hack a connection without any technical skill. Even if zero risk does not exist, a few relatively simple precautions can considerably limit the risks.
Change the SSID and default password
Why try to crack well-protected wireless networks when a little research can turn up all the unsecured ones? As security specialists keep repeating, most attackers favor the easiest targets. To see the absolutely catastrophic security that prevails in some homes and businesses, just go to the Shodan search engine. This service, which specializes in finding connected objects on the Internet, also makes it possible to find routers visible on the network. It lists badly secured devices whose credentials have often been left at their defaults, such as admin / admin, admin / password, etc. In addition, attackers can easily obtain specialized equipment on the Web to scan remote Wi-Fi networks, as well as applications to crack their passwords.
Based on this observation, the first step is to immediately change the default credentials (login and password). Easily retrievable from the Internet, these credentials give access to the administrator interface and full control of the router, no more and no less. It is therefore strongly advised to define a complex password combining letters, numbers and special characters. One trick is to compose an easy-to-remember sentence with different characters: “May $ Qu1V @ ALa?”, for example. It is also better to cover your tracks by changing the default network name (SSID) to a name that is not identifiable (for example web_surf, Mabox…), in order to complicate the task of potential attackers.
Choose a reliable security protocol
For many years, experts have advised abandoning the old WEP encryption protocol in favor of WPA2, or ideally WPA3 if it is available. Regarded as the best Wi-Fi protection, WPA2, launched in 2014, took a hit following the discovery of critical security vulnerabilities, including the one dubbed KRACK, which made it possible to take control of a Wi-Fi network remotely and insert a malicious payload into it. Even though manufacturers hastened to close the gap, the Wi-Fi Alliance (the organization in charge of Wi-Fi protocols) accelerated the development of the new WPA3 protocol.
In all cases, it is essential to activate one of these two protocols via the security options of the administration interface of the box or router. In this way, the information exchanged on the network, such as the password, is encrypted and in principle unreadable to outsiders. It is important to set a complex password of at least 10 to 12 characters and to change it regularly. Also remember to always install updates, which may contain important security patches.
Make use of MAC filtering
As the number of devices connected to home wireless networks grows, this security measure is not really the most practical to put in place. MAC (Media Access Control) filtering consists of selecting, one by one, the devices that you want to allow to connect to the Wi-Fi network. Each device equipped with a network interface (computer, smartphone, tablet, printer, connected speaker…) has a unique MAC address. Routers have an option to filter these addresses to define the devices that can connect to the wireless network. Devices that are not on the list of authorized MAC addresses cannot access the network.
Make a guest Wi-Fi network
Creating a guest Wi-Fi network is too rarely part of the advice on protecting a Wi-Fi network. It is, however, an essential precaution, because the router's Wi-Fi key gives access not just to the Internet, but potentially to all content stored on computers, NAS devices and other hard drives connected to the network. The majority of ISP boxes (Freebox Delta / Revolution, Livebox Orange, etc.) now have an option to create an independent Wi-Fi network dedicated to guests, with its own WPA2 or WPA3 key. You should also make sure to configure the guest network so that it is limited to Internet access. To do this, access to the local network must be disabled in the router settings.
Try Disabling WPS
WPS (Wi-Fi Protected Setup) is a handy feature for quickly connecting new equipment to the Wi-Fi network. One of the most common connection methods is to press the physical “WPS” button on the router and the physical or virtual button on the device at the same time, so that the device is automatically paired with the Wi-Fi network. Depending on the equipment, you can also establish the connection by entering a PIN code, by NFC (near-field communication), or with a USB key containing the connection data.
This connection method has a bad reputation in terms of security, because the signal can be relatively simple for a seasoned attacker to intercept. Critical security holes that allowed Wi-Fi passwords to be cracked via WPS were notably discovered on Orange and SFR boxes. To limit the risks, always check that WPS is switched off by default.
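The measures described so far (default credentials and SSID, security protocol, key strength, guest isolation, WPS) can be checked together against a router's settings. The following is an added example, not code from the original article; the field names and both sample configurations are hypothetical and constructed for illustration.

```python
import string

# Default admin logins the article names as commonly left unchanged.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password")}
ACCEPTED_PROTOCOLS = {"WPA2", "WPA3"}  # the two protocols the article recommends
MIN_KEY_LENGTH = 10  # lower bound of the article's "10 to 12 characters"

def weak_secret(secret, min_length=MIN_KEY_LENGTH):
    """True if the secret is short or lacks letters, digits or special characters."""
    classes = (
        any(c.isalpha() for c in secret),
        any(c.isdigit() for c in secret),
        any(c in string.punctuation for c in secret),
    )
    return len(secret) < min_length or not all(classes)

def audit(cfg):
    """Return the findings for one router configuration (dict, hypothetical keys)."""
    findings = []
    if (cfg["admin_user"].lower(), cfg["admin_password"].lower()) in DEFAULT_LOGINS:
        findings.append("default admin credentials")
    elif weak_secret(cfg["admin_password"]):
        findings.append("weak admin password")
    if cfg["ssid"] == cfg["factory_ssid"]:
        findings.append("default SSID")
    if cfg["protocol"].upper() not in ACCEPTED_PROTOCOLS:
        findings.append("protocol %s is not WPA2/WPA3" % cfg["protocol"])
    if weak_secret(cfg["wifi_key"]):
        findings.append("weak Wi-Fi key")
    if cfg["wps_enabled"]:
        findings.append("WPS enabled")
    guest = cfg.get("guest")
    if guest and guest["lan_access"]:
        findings.append("guest network can reach the LAN")
    return findings

# Constructed sample configurations (not taken from any real device).
FACTORY = {"admin_user": "admin", "admin_password": "admin", "ssid": "Box-1A2B",
           "factory_ssid": "Box-1A2B", "protocol": "WEP", "wifi_key": "12345678",
           "wps_enabled": True, "guest": {"lan_access": True}}
HARDENED = {"admin_user": "owner", "admin_password": "T4ble!Lamp-River9",
            "ssid": "web_surf", "factory_ssid": "Box-1A2B", "protocol": "WPA3",
            "wifi_key": "c0ffee&Window#42", "wps_enabled": False,
            "guest": {"lan_access": False}}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
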
Install a VPN router or server
Installing a VPN (Virtual Private Network) server directly on a router or box is probably the best way to protect a local network. This method, reserved for advanced users, makes it possible to encrypt all the data that passes through the equipment in the house, including connected objects that cannot natively manage a VPN. To do this, take out a paid subscription from a recognized VPN provider and never rely on cheap VPNs. Free VPNs offer no guarantee and may illegally collect all the data that passes through their servers. Free services are also far too slow to manage connections from multiple devices.
Long reserved for businesses, VPN routers are only beginning to become popular with the general public. ExpressVPN is one of the first providers to offer preconfigured routers. It offers powerful Asus, Linksys or Netgear routers with its ExpressVPN application preinstalled. This service offers a stable and secure wireless connection, thanks in particular to an automatic reconnection system. In general, the main VPN providers are offering faster and faster speeds, close to those of the original connection. This ultimate solution undoubtedly offers the highest level of security possible for a private Wi-Fi network.