Do you know how to Protect your Home Wi-Fi from Intruders?


Deleted member 178

Hi,

Some people are asking me, how do I protect my Wi-Fi from intruders?

Not really complicated.

1- Password:

Choose a good, long, complicated password, with special signs if possible, like: @umbr4.i5.da.b3st@

2- Allow only your devices

In modern routers you can filter the MAC addresses connected to your Wi-Fi network; this setting is usually under the Wi-Fi security tab.

a- Count the number of devices you have > limit the number of devices in the network to that number (if you own 5 devices, allow only 5 devices)

b- Just collect all of your devices' MAC addresses > add them to the router list > set the router to "allow" (them) only. Now any device not listed will not connect. Simple and efficient.

3- Alien devices

Now you will say "hey mate, but if my friends come to my house and want to use my Wi-Fi, do I have to redo the procedure?"
My answer? NO, and this is how to do it:

1- Your router should have the option to make hotspots, so create a hotspot
2- Put a simpler password
3- You can still limit the number of devices, let's say 10, unless you often have lots of friends partying at your house :D

Conclusion:

So now you have a secure personal Wi-Fi network impervious to all alien devices, plus one hotspot for your friends.
 
Last edited by a moderator:
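
An added example, not part of the original post: because a MAC address is whatever the client reports, the allow list and device limit from step 2 are worth pairing with a periodic check of what has actually joined the network. The sketch below audits a lease list against the allow list; the dnsmasq-style lease format, the sample leases and every MAC address in it are assumptions constructed for illustration.

```python
import re

# Constructed allow list, in the mixed formats device settings screens show.
ALLOWED = ["AA:BB:CC:00:11:22", "aa-bb-cc-00-11-33", "3c22.fb00.1144"]

# Constructed sample in dnsmasq lease format (assumed):
# <expiry-epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1700003600 aa:bb:cc:00:11:22 192.168.1.10 laptop 01:aa:bb:cc:00:11:22
1700003600 AA:BB:CC:00:11:33 192.168.1.11 phone *
1700003600 3c:22:fb:00:11:44 192.168.1.12 tv *
1700003600 de:ad:be:ef:00:01 192.168.1.50 * *
1700003600 00:11:22:33:44:55 192.168.1.51 unknown-pc *
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits joined by colons, or None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (typical of randomized MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit_leases(lease_text, allowed, max_devices=None):
    """Return (unknown, over_limit): leases not on the allow list, and whether
    the number of distinct clients exceeds the configured device limit."""
    allow = {normalize_mac(m) for m in allowed} - {None}
    seen, unknown = set(), []
    for line in lease_text.splitlines():
        fields = line.split()
        mac = normalize_mac(fields[1]) if len(fields) >= 4 else None
        if mac is None:
            continue  # skip blank or malformed lines
        seen.add(mac)
        if mac not in allow:
            unknown.append({"mac": mac, "ip": fields[2], "host": fields[3],
                            "randomized": is_locally_administered(mac)})
    over = max_devices is not None and len(seen) > max_devices
    return unknown, over

if __name__ == "__main__":
    found, over_limit = audit_leases(SAMPLE_LEASES, ALLOWED, max_devices=3)
    for dev in found:
        print("not on allow list:", dev)
    print("device limit exceeded:", over_limit)
```

Phones and laptops that use a randomized (locally administered) MAC per network will show up as unknown unless the address they use on the home network is the one added to the router's list.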

Amelith Nargothrond

Level 12
Verified
You can also use, if this is possible (you need compatible routers and clients), only AC (so only 5GHz), disabling anything else, as you limit the number of attempted attacks by 99%. 5GHz is not very good at traveling long distances and the attacker needs to be very close for even attempting to try to hack your network.

Never use anything lower than WPA2. Any lower encryption is easy to hack.

Always change your router's interface default user and password (both if possible, not just the password).

As @Myriad said, disabling WPS is a must. But in many cases, just disabling WPS from your original router's firmware/interface is not enough, as it is still active, just not (that) responsive. If you really need to harden your security, you should try (see if it's possible at all) to disable it by logging into the router over SSH. If you have an "unbrickable" router (one that has a "second bootloader"), try to delete all the WPS-related files from the router via SSH. I did it many times (some never boot after, so this is why you need this second bootloader, to upload a new firmware file and restore your router). Yeah, it logs some errors when it boots, I personally don't care. Some custom firmware even allows you to change the WPS button functionality, like it will disable WIFI, that's very nice.

You can also consider changing your router's firmware with dd-wrt-like firmware (or Merlin if you have an Asus). But, as with every other custom stuff, there are risks. But if you take them, an entirely different world opens in front of you, you can turn your $50 router into a $500 one. But this is really advanced, you may also brick your router if you don't do it exactly as it needs to be done.

You can also open an isolated guest network with N compatibility on 5GHz as well, but if you have another router or firewall before the wireless one, make sure you also isolate the firewall's subnet(s) on the guest wifi network and allow only internet access. All routers' guest isolation refers only to the wifi router's internal subnets, not the one before it.

Another thing to do, but again it depends on the router, is to disable the isolated guest network when you don't need it with a mobile client because it's extremely convenient, fast and easy (and re-enable it when needed). Asus has a nice mobile client for their newer routers.

Going even further for the paranoid, you should build your own firewall and put it before the wifi router (like pfsense) and use that to secure your entire network. Disable file and printer sharing, network discovery on all your devices and on all profiles, connect to the internet always using a VPN etc. etc. etc. :)

Update 1: one thing users never do is regularly update their firmware, not just when they buy the router. Most of them forget this part :)
Update 2: never ever browse the internet without https while on WIFI
Update 3: Always use a VPN on your phone, more so if you connect to public WIFI networks
 

Amelith Nargothrond

Level 12
Verified
Hi all

Just thought of another one.
Reading the thread here on Virgin Media got me thinking again ....

Turn off SSID in WiFi settings.

Why broadcast your network name to the whole area?
It's a no-lose choice .... unless you can't remember your own network's name :)
Thing is, with wardriving your wifi is easily discoverable even with the SSID turned off, and that is the first step in hacking... But it might help nevertheless.
 

lab34

Level 6
Hello,
About friends, hotspot...: if possible, put a firewall rule to isolate your network and the guest network.
About alien devices: if possible, reduce the power of the signal, to cover just your house.
 