How to Secure Your Local Wireless Network from Hackers

Converting your office LAN in to wireless network can ensure the ease of networking by avoiding the coils of Ethernet cables. When I started my networking career, it was the confusing cables that welcomed me and my team in every office and it took time to understand which cable goes to which device since most of the Ethernet cables were not properly arranged. With the popularity of wireless network by the introduction of 802.11 ac and 802.11n, we do not need Ethernet cables to transfer data fast between devices in an office because both these wireless standards offer high data transfer speed. Though wireless makes an office looks smart, it has some security issues. It is true wireless networks are more prone to hacking compared to wired network.

Avoid Risks On Wireless Networks

A sophisticated hacker can easily intrude in to a wireless network compared to a wired network. It is because wireless offers a possibility to connect to the network if one user is in its range where in Ethernet LAN, there is no such an option. However, we can prevent any unauthorized access to a wireless network by following a set of precautions like enabling proper wireless encryption, allow guests to access just guest accounts, MAC Address filtering etc.

How to Secure A Wireless Network From Hackers

  1. Configure Best Wireless Encryption

    One of the most important steps to keep intruders from your wireless network is to enable proper wireless encryption. There are wireless encryption protocols like WEP, WPA and WPA2. Currently industry's best wireless encryption is WPA2. So it is recommended to use WPA2 for your wireless network. To read more about choosing right wireless encryption for your wireless network, read the Cisco guide.
    http://blogs.cisco.com/smallbusiness/understanding-the-difference-between-wireless-encryption-protocols/

  2. Limit the Wireless Network Range

    In most of the modern wireless routers and Access Points we have an option to set the range of the wireless network. It is wise to limit the wireless range of your network just in the boundary of your office. So anyone outside the office cannot join your wireless network even if he managed to break your wireless encryption. So your wireless network is safe from intruders.

  3. Enable MAC Address Filtering

    With MAC Address filtering you can provide another layer of security to your office wireless LAN. You can set which all devices can join office wireless network by specifying the MAC Address of the devices. Since MAC Address is physical address, no other device will have same address. However, you must understand by MAC Address spoofing a talented hacker can break this wireless security. However, this step can prevent a hacker device from joining the wireless network until he identify the barrier.
    Wireless Network Keep Connecting & Disconnecting

  4. Stop Wireless Network Name (SSID) Broadcast

    Though it is useless against a skilled attacker, by hiding SSID broadcast, you can make your wireless network invisible to common users. Your wireless network remain hidden and computers will not detect your wireless network by normal scanning for available wireless networks.

  5. Enable Guest Wireless Account

    Create guest account on your wireless router and let the guests and ordinary users in your office to join that network only.

  6. Set a Custom Router Password

    Though this step is not directly protecting your wireless network against hackers, it will protect router from users in your office to access the router setup page and change wireless settings. It is always advised to change default router password after configuring it.

Other Wireless Security Articles
  1. How to Start WLAN Autoconfig On Windows 8 Computer

  2. How to Configure D-Link Wireless Access Point

  3. How to Setup Wireless & Security On Teracom Modem For BSNL

  4. How to Configure Linksys Range Expander RE1000 & WRE54G

CoreNetworkZ - Complete Network Portal

8 comments:

Sandeep R said...

Thank you Mr. George for this wonderful guide. I always Go with WPA2 enterprise encryption with RADIUS server. It is industry's best wireless security right now.

Admin said...

Thanks for your comment Sandeep

raj said...

Hi, I was said to have rom 0 vulnerability in my tdslw2type2 teracom router. I have made all tough set up , and still avast scan reveal that it is having rom 0 vulnerability. Can we block the rom O file from any body accessing thro router. There is no firmware update
i have disabled remote access, enabled SIP, disabled upnp, and changed the admin pw. Still i could not stop this problem your idea pl

Alex George said...

@Raj,

You seems have done almost every thing to prevent the rom 0 vulnerability. Only thing you can now expect is to have a firmware update from router manufacturer. May be the following link can give you more ideas but I believe you might have seen this link before.

https://discuss.howtogeek.com/t/what-is-rom-0-vulnerability-how-to-overcome-this-in-router-setting/41608

http://www.corenetworkz.com/2016/02/precautions-for-rom-0-router.html

raj said...

Hi, Thanks alex.
My router manufacturer site has an update, but there is nothing in the page 404 error.
I have seen your and HTG article. In fact, i have raised the thread there in the HTG link.
Yes of course, my dns server access point was changed by remote, preventing my internet access. I checked the gateway and then changed back to my preference to get my internet access.
Rom 0 is a configuring file, that one makes when changing the router pages, including bb pw and wifi.
What i want to know, is it flaw in net work, local area connection settings that need to be checked. Wifi limits your access to only two or three houses
Grc.com check finds, that all ports , common are stealthy. Does that not means they are closed . The gateway access point , i mention above was 169.254.90.67. I do not know which is accessing my pc to be made the internet access not available to me. Please answer

Alex George said...

@Raj,

I can recommend you add a network firewall if you are not in a limited budget other wise you must contact your router manufacturer technical support and ask them the recommended solution from their part since the update page shows 404 error.

I suggest you to install Avast and use the ''Home Network Security scanner' feature to test whether your device is still vulnerable.

If all the work-arounds fail, you will have only one option, change device. Latest models in the market seems free from Rom 0 vulnerability.



raj said...

Hi, I have changed the modem to dlink. Now i do not have rom 0 vulnerability, but instead shows weak password.
So, alex, it means that those who have older model will have to throw the device to switch to new device.
could not some provide a kind of lock of rom 0 file. I heard that when you just type your access point along with the word rom o, then it gives the option of saving your configure file. what a security lapse.
I also think that avast is doing a kind of aggressive scan and come with some kind of vulnerability or may be all the findings of avast are false positive. Thanks any how for the suggestions.

Alex George said...

It might be possible that Avast shows false alerts. If we are regularly updating the router firmware, we do not need to worry much about known bugs.