Top 10 Tips for Wireless Home Network Security

Top tips on Wi-Fi security

Many households and families setting up wireless home networks are excited to get connected and end up rushing through the process. While understandable, numerous security problems can result from hurrying through the setup process. Configuring the security features on Wi-Fi networking products can be time-consuming and non-intuitive.

These are the top ten ways to improve the security of your home wireless network.

of 10

Change the Default Administrator Passwords (And Usernames)

Netgear router password screen

At the core of most Wi-Fi home networks is a broadband router or another wireless access point. These devices include an embedded web server and web pages that allow owners to enter their network addresses and account information.

Login screens protect these web tools by prompting for a username and password so that only authorized people can make administrative changes to the network. However, router manufacturers' default logins are simple and well-known to hackers on the internet. Change these settings immediately.

of 10

Turn On Wireless Network Encryption

Netgear WPA settings

All Wi-Fi equipment supports encryption. Encryption technology scrambles messages sent over wireless networks so that humans cannot easily read them. Several encryption technologies exist for Wi-Fi today, including WPA, WPA2, and WPA3.

Choose the best form of encryption that's compatible with your wireless network. The way these technologies work, all Wi-Fi devices on a network must share matching encryption settings.

of 10

Change the Default SSID

Netgear SSID name

Access points and routers use a network name called the Service Set Identifier (SSID). Manufacturers usually ship their products with a default SSID. For example, "linksys" is typically the network name for Linksys devices.

Knowing the SSID does not allow your neighbors to break into your network, but it is a start. More importantly, when someone sees a default SSID, they view it as a poorly configured network that's inviting attack. Change the default SSID immediately when setting up wireless security on your network.

of 10

Enable MAC Address Filtering

Netgear MAC address settings

Wi-Fi gear possesses a unique identifier called the physical address or Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to enter their home equipment's MAC addresses, which restricts the network from allowing connections from those devices only.

Doing this adds another level of protection to a home network, but the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

of 10

Disable SSID Broadcast

Broadcast SSID settings on Netgear

In Wi-Fi networking, the router (or access point) typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile ​hotspots where Wi-Fi clients may roam in and out of range.

Inside a home, this broadcast feature is unnecessary, and it increases the likelihood that someone will try to log in to your home network. Fortunately, most Wi-Fi routers allow the network administrator to disable the SSID broadcast feature.

of 10

Stop Auto-Connecting to Open Wi-Fi Networks

Available networks in Windows 10

Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not usually enabled, most computers have a setting available, allowing these connections to happen automatically without notifying the user. You should not enable this setting except in temporary situations.

of 10

Position the Router or Access Point Strategically

Connecting a wireless router

Jared DeCinque / E+ / Getty Images

Wi-Fi signals usually reach the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal spreads, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example.

When installing a wireless home network, the location and physical orientation of the access point or router determine its reach. Position these devices near the center of the home rather than near windows to minimize leakage.

of 10

Use Firewalls and Security Software

Windows firewall settings

Modern network routers contain built-in network firewalls, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running additional security software on each device connected to the router.

Having too many layers of security applications is overkill. Having an unprotected device (particularly a mobile device) with critical data is even worse.

of 10

Assign Static IP Addresses to Devices

Configuring IP in Windows

Most home network administrators use Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to their devices. DHCP technology is easy to set up. However, its convenience also works to the advantage of network attackers, who can quickly obtain valid IP addresses from a network's DHCP pool.

Turn off DHCP on the router or access point, set a fixed private IP address range instead, then configure each connected device with an address within that range.

of 10

Turn Off the Network During Extended Periods of Non-Use

Wireless Router Showing Signal Beams
alxpin / Getty Images

The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in. While impractical to turn the devices off and on frequently, consider doing so during travel or extended periods offline. Computer disk drives can suffer from power cycle wear and tear, but this is a secondary concern for broadband modems and routers.

If you own a wireless router but are only using it for wired (Ethernet) connections, you can sometimes turn off Wi-Fi on a broadband router without powering down the entire network.

Was this page helpful?