Top 10 Tips for Wireless Home Network Security

Change the Default Administrator Passwords (And Usernames)

At the core of most Wi-Fi home networks is a broadband router or another wireless access point. These devices include an embedded web server and web pages that allow owners to enter their network addresses and account information.

Login screens protect these web tools by prompting for a username and password so that only authorized people can make administrative changes to the network. However, router manufacturers' default logins are simple and well-known to hackers on the internet. Change these settings immediately.

Turn On Wireless Network Encryption

All Wi-Fi equipment supports encryption. Encryption technology scrambles messages sent over wireless networks so that humans cannot easily read them. Several encryption technologies exist for Wi-Fi today, including WPA, WPA2, and WPA3.

Choose the best form of encryption that's compatible with your wireless network. The way these technologies work, all Wi-Fi devices on a network must share matching encryption settings.

Change the Default SSID

Access points and routers use a network name called the Service Set Identifier (SSID). Manufacturers usually ship their products with a default SSID. For example, "linksys" is typically the network name for Linksys devices.

Knowing the SSID does not allow your neighbors to break into your network, but it is a start. More importantly, when someone sees a default SSID, they view it as a poorly configured network that's inviting attack. Change the default SSID immediately when setting up wireless security on your network.

Enable MAC Address Filtering

Wi-Fi gear possesses a unique identifier called the physical address or Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to enter their home equipment's MAC addresses, which restricts the network from allowing connections from those devices only.

Doing this adds another level of protection to a home network, but the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

Disable SSID Broadcast

In Wi-Fi networking, the router (or access point) typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile ​hotspots where Wi-Fi clients may roam in and out of range.

Inside a home, this broadcast feature is unnecessary, and it increases the likelihood that someone will try to log in to your home network. Fortunately, most Wi-Fi routers allow the network administrator to disable the SSID broadcast feature.

Stop Auto-Connecting to Open Wi-Fi Networks

Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not usually enabled, most computers have a setting available, allowing these connections to happen automatically without notifying the user. You should not enable this setting except in temporary situations.

Position the Router or Access Point Strategically

Wi-Fi signals usually reach the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal spreads, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example.

When installing a wireless home network, the location and physical orientation of the access point or router determine its reach. Position these devices near the center of the home rather than near windows to minimize leakage.

Use Firewalls and Security Software

Modern network routers contain built-in network firewalls, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running additional security software on each device connected to the router.

Having too many layers of security applications is overkill. Having an unprotected device (particularly a mobile device) with critical data is even worse.

Assign Static IP Addresses to Devices

Most home network administrators use Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to their devices. DHCP technology is easy to set up. However, its convenience also works to the advantage of network attackers, who can quickly obtain valid IP addresses from a network's DHCP pool.

Turn off DHCP on the router or access point, set a fixed private IP address range instead, then configure each connected device with an address within that range.