Improve Your Cybersecurity

WiFi Security 101: A Quick Guide to Safeguarding Your Network 👀

In a previous article I explained how to hack WiFi networks, and in this guide I will explain, step-by-step, how you can defend your networks from a less benevolent version of me.

What you will learn

I wrote this article as a follow-up to my previous article: How I hack WiFi networks.

Now, it’s time to share how you can avoid having someone snoop around on your network in the first place. I have tried to keep this guide short and sweet, and focus only on the essentials. 

Most people will read this and think: “I can’t be bothered going through the hassle” (despite the fact that everything in this guide could be done within 5 minutes). I would like to remind you that if a hacker gains access to your network, they are just one step away from penetrating your devices. Afterwards, they could do anything from turning on your microphone and webcam, to planting illegal materials on your computer. If that doesn’t wake you up, I don’t know what will!

I am not expecting you to be network engineers or establish sophisticated intrusion detection systems. Instead, what you’ll find here are three simple methods for securing your wireless networks from a less benevolent version of me. 

WiFi security is an often overlooked component of cybersecurity, and most homeowners and small businesses don’t bother to even check how their router is configured. But since you’ve started reading this article, it is clear that you care about your security more than most.

In this short guide, I have provided step by step instructions on some clever methods to reduce your attack surface. Note that this advice is aimed at Individuals and home owners, not medium to large sized businesses. For the latter, we will explore concepts such as RADIUS, and thus this will warrant a further, much more thorough article.

A word of warning: we will be making some changes to how your WiFi is configured, and whilst they will work in most cases, everyone will have different circumstances and different configurations. If you experience any problems, please drop me a message by clicking here. You are responsible for your actions and this article is guidance only… proceed at your own discretion. 

Let's start by exploring how WiFi networks work 🧐

Let’s delve into the distinctive aspects of wireless networks, focusing primarily on differences in frequencies and encryption protocols. Commencing with frequencies, wireless networks operate on two main bands: 2.4GHz and 5GHz.

2.4Ghz Frequency

The 2.4GHz frequency, being more prevalent, often encounters congestion due to the widespread use of devices like routers, smartphones, and IoT devices. This overcrowding can result in interference, making it more susceptible to specific types of attacks such as signal jamming and eavesdropping. Furthermore, the 2.4GHz spectrum’s extended range increases vulnerability to long-range attacks. So for instance, with the right equipment a hacker could launch an attack from several blocks away.

5Ghz Frequency

In contrast, the 5GHz frequency offers a less crowded and more expansive spectrum, delivering higher data transfer rates and reduced interference. However, the shorter range of 5GHz signals poses challenges for attackers attempting to exploit vulnerabilities from a distance. Despite these advantages, it’s essential to note that not all devices support 5GHz, potentially limiting the scope of penetration testing.

How WiFi is Encrypted

Transitioning to encryption protocols, safeguarding wireless networks is crucial to thwart unauthorised access and data breaches. Common encryption standards encompass WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access), and WPA2/WPA3. Ethical hackers must acquaint themselves with the vulnerabilities inherent in these protocols.

WEP Encryption

WEP, once widely utilised, is now deemed highly insecure due to susceptibility to various attacks. In short, if you are using WEP it is almost inevitable that you will be hacked.

WPA Encryption

WPA improved security by introducing dynamic encryption keys, but WPA2 became the standard for addressing vulnerabilities present in its predecessor. The latest version, WPA3, enhances security further with features like individualised data encryption for each user, but we won’t discuss the latter in this article. Most people now use some form of WPA2.

Step one: enter our router's IP address in your browser ✅

To make some of the configuration changes in this guide, we will need to enter the router’s IP address in your web browser. Before you start looking at the back of your router or even in your instruction manual, copy each of the following IP addresses and paste them in the search bar at the top of your browser. These IP addresses are the default for most routers.

				
					192.168.1.1
				
			
				
					192.168.0.1
				
			
				
					192.168.0.254
				
			

Once you find the correct IP address, you should see what looks like a web browser on your screen. This will vary widely depending on who your Internet Service Provider (ISP) is, and what router you are using. My router’s default IP is 192.168.0.1

After completing this step you should see an option to enter your password. I would be worried if there was no such option, as then anyone could begin modifying your network!

Let us start by using strong credentials ✅

Not all networks will come with a strong set of credentials. In my case, my ISP prompted me to change my password immediately after signing in to manage the router. Your provider may not prompt you to do so, and you will have to locate the credentials management feature in your dashboard.

A strong password is at least 16 characters, containing a combination of letters, numbers, and symbols (!$%). I always encourage people to use a passphrase as opposed to a password. A passphrase is an easy to remember sentence containing at least three words. Don’t forget to use numbers and symbols too. 

It's a good idea to periodically check who is connected ✅

Most routers will support this functionality. Your dashboard may look different from mine, but there should be an option within your dashboard to see which devices are connected to your network, as shown in the below screenshot.

You can see the device name, it’s MAC Address, it’s IP address and port, it’s connection type (ie. ethernet, or WiFi) and the speed.

We will cover MAC address filtering later in this guide. A MAC address is a unique code of numbers and digits assigned to each device. MAC addresses can be spoofed, and hackers will do this to anonymise themselves on your network. You can learn more about this in my guide to hacking WiFi networks, which you can find by clicking here.

Now, let's disable WPS ✅

So by now, you have entered a secure set of credentials. If you haven’t, there is no point completing the remaining steps in this guide as you could be compromised due to weak credentials.

Let’s move on to another security quick win! In this section, we will disable WPS.

What is WPS, how does it work, and why is it insecure?

WPS is one of the simplest ways by which a network operating WPA encryption (which is most likely the encryption that your network employs) can be compromised.

So what is WPS?

WPS stands for Wi-Fi Protected Setup. It is a feature designed to simplify the process of connecting devices to a secure wireless network. The primary intention behind WPS is to provide an easier method for users to set up a secure wireless connection without having to manually enter a long and complex passphrase.

Put simply, instead of having to enter your network’s password when you try to connect to your network, you enter a simple eight digit pin.

WPS typically offers two methods for connecting devices:

  • Push Button Configuration (PBC): Users can press a physical or virtual button on the router and then activate WPS on the device they want to connect within a short timeframe.
  • PIN Entry: Users can enter a short Personal Identification Number (PIN) either manually or through a device’s interface to establish a connection.

While WPS aims to enhance user convenience, it has significant security vulnerabilities. The PIN method, in particular, is susceptible to brute-force attacks, where an attacker systematically tries all possible PIN combinations until the correct one is found. Additionally, some implementations of WPS may have inherent weaknesses that can be exploited by attackers.

Due to these security concerns, it is often recommended to disable WPS on your router to prevent potential unauthorised access. Many modern routers allow users to deactivate WPS through the router’s settings or web interface, enhancing the overall security of the wireless network.

How can I disable WPS?

Let’s move on to disabling WPS from your router’s configuration panel. First, look out for an option titled ‘WPS’. If you can’t see it, keep looking as it will almost certainly be an option on any modern router.

In my case, I can find the WPS configuration under Wireless > WPS. Upon clicking on it, I see the following panel as shown in the screenshot below. Having a Push Button for WPS isn’t the biggest risk in the world, but having a WPS Pin should not be enabled. I described what each of these options done in the previous passage. 

Please deactivate the WPS PIN option if you already see it as enabled. After this is done, proceed to the next step.

Now its time to hide our SSID ✅

While changing your SSID adds a layer of protection, hiding it takes an extra step to conceal your network from casual observers.

When you hide your SSID, your network doesn’t broadcast its name, making it less visible to potential intruders scanning for available networks. While this doesn’t provide absolute security, it adds an additional obstacle for attackers attempting to identify and target your WiFi network.

Keep in mind that hiding your SSID is not a foolproof security measure on its own, and it’s essential to implement it in conjunction with other security practices. When combined with MAC filtering and a customised SSID, the cumulative effect is a more resilient defense against unauthorised access and potential cyber threats.

To hide your SSID, access your router or access point’s administration interface and navigate to the wireless settings. Look for the option to disable SSID broadcasting. Once disabled, users won’t see your network in the list of available connections when scanning for WiFi networks.

While hiding your SSID adds an extra layer of security, it may also bring some inconveniences. Devices that need to connect to your network will require manual entry of the network name, which could be cumbersome for guests or new devices. Therefore, consider the trade-offs and evaluate whether the additional security outweighs the potential inconvenience in your specific use case.

Lets set up MAC Address filtering ✅

If you’ve reached this point in the guide and have implemented everything I have said, congratulations! You have taken proactive steps towards a much more secure wireless network. Now, we will look at MAC address filtering.

What is MAC Address filtering?

One valuable tool often underutilised by users is MAC (Media Access Control) filtering. MAC filtering adds an extra layer of protection to your wireless network by controlling which devices are allowed to connect based on their unique MAC addresses.

Every network-enabled device, such as smartphones, laptops, and IoT devices, possesses a unique MAC address assigned by the manufacturer. MAC filtering involves creating a whitelist of approved MAC addresses on your router or access point, permitting only those devices to connect to your network.

Implementing MAC filtering provides several advantages in bolstering your WiFi security. Firstly, it acts as a barrier against unauthorised access. Even if an individual manages to crack your WiFi password, they would still be unable to connect unless their device’s MAC address is on the approved list. This adds an extra layer of defense against potential intruders.

Remember: MAC addresses can be spoofed by attackers

However, it’s essential to note that MAC filtering alone may not be foolproof. While it enhances security, it should be complemented by other robust security measures such as a strong WPA/WPA2 passphrase and regular password updates. Additionally, it’s crucial to be aware that MAC addresses can be spoofed, and I described how this can be done in my WiFi hacking guide.

How to implement MAC address filtering

To implement MAC filtering on your router or access point, access the device’s administration interface through a web browser and navigate to the security settings. From there, you can typically find an option to enable MAC filtering and input the MAC addresses of the devices you want to allow.

I have provided a screenshot of my router’s default MAC Filtering configuration panel below to show what your interface would contain.

Paranoid? I will have a more comprehensive guide coming soon:

This guide has covered how individuals can protect their home networks from people like me 🙂

There are, however, more steps that you can take to secure your networks. These include RADIUS, DMZs, reducing signal strength, and setting up IDS (intrusion detection systems). I will create a separate guide in the future covering how to secure enterprise networks which by their nature require considerably more security. I would love to email you when the new guide is ready, so please sign up by clicking here

Wrapping it all up...

In this guide I have shared some simple tips and tricks that you can use to defend your network from cyber criminals. We have looked at how to access our router’s configuration panel, disabling WPS, ensuring our credentials are strong, hiding our SSID, and a few other bits and bobs.

In order to truly know how to defend your WiFi network, it is also important to learn how they are hacked in the first place. Click here to read my step by step guide to ETHICALLY hacking WiFi networks.

Hey! Can we make it official? 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. I promise not to spam you, and you can count on me to keep your data safe 😇

Improve your cybersecurity

DNS Security 101

The 14 types of malware 💣

WiFi Security 101: A Quick Guide to Safeguarding Your Network 👀

Why it’s a good idea to have multiple email addresses 👍

The simple trick to protect you from 86% of Windows threats 😮

This is how you should THINK about your cybersecurity 💭

Fifteen Steps to maximising firefox privacy 🔒✅

Download the complete FireFox checklist that I give to my counter-surveillance clients – completely free of charge! I will take you step-by-step through advanced Firefox Configurations that will help you maximise your privacy, security and anonymity. 

Enter your details below and I will email it to you straight away. And don’t worry, your data is safe with me 😇

Access free subscriber only content 😘

I would love to share my latest ethical hacking, defensive security, OSINT, and anonymity guides with you. But I’ll need you to trust me with something… your email address. Your data will be encrypted and I will never sell it to third parties 😇

UK Cybersecurity Company

About Aitken Security

Aitken Security is a UK Cybersecurity Company specialising in offensive and defensive security.