WiFi: limited security whatever you do
The first piece of advice is not to believe that you can make your WiFi network completely resistant to attacks. The technology has a few flaws. First, it relies on radio waves that travel through walls, so the signal is accessible from anywhere in your home; this is especially true if you live in an apartment in the city.
The second problem is that encryption no longer guarantees absolute security. Known and well-documented vulnerabilities (especially in WPS) make it possible, for example, to access wireless networks on certain routers that haven’t been updated without even trying to guess the key. WEP and WPA passwords are now easy to crack. And since last year, WPA2 encryption has also been compromised.
Since then, the WiFi Alliance has announced WPA3 encryption, which should buy some time against hackers. But routers and other devices compatible with WPA3 are still rare. And in the end, we expect attackers to find a new workaround anyway…
Therefore, the first way to strengthen the security of your WiFi network is to strengthen the security of what is most at risk of being hacked, namely the devices connected to your network. Hence the importance of, for example, running a firewall directly on your computer rather than relying on the one in your router.
Password, security…: basic advice
Let’s start with common sense advice, which is unfortunately not always respected. If you already know these, move on to more advanced tips and/or methods we don’t recommend.
Choose a strong password for your WiFi network
Generally, your WiFi network is managed by your carrier’s box. This usually means that your carrier has already assigned you a very complex connection key that you do not need to change, unless your box sits in a public area and you don’t want anyone to connect using the code printed on the box label.
Either way, if you change it, choose something that’s both memorable and safe. In this article, we give you solid advice for choosing better passwords. One of them is to create your passwords as sentences (sequences of descriptive words) rather than strings of numbers, letters and special characters.
Choose the strongest encryption compatible with your devices
In general, all routers offer the following encryption methods (the most secure in the list is marked with an asterisk):
- 64-bit WEP
- 128-bit WEP
- WPA-PSK (TKIP)
- WPA-PSK (AES)
- WPA2-PSK (TKIP)
- WPA2-PSK (AES)*
- WPA/WPA2-PSK (TKIP+AES)
* this is the strongest encryption method on most routers, which unfortunately is not what many users believe…
More recently, some devices also offer this method:
More advanced tips for securing your WiFi network
Along with the basic advice, a few actions will let you take security a few steps further and reduce the risk of an attack.
WPS, for Wi-Fi Protected Setup, is a technology initiated by the Wi-Fi Alliance to simplify connecting a device to a Wi-Fi network. To confirm the pairing of a device with the WiFi network, you press a button rather than entering the password. But there are several WPS connection methods. One of them is based on an eight-digit PIN code set at the factory; on some older models it is 12345678.
Newer models with other WPS connection modes have other flaws. For example, an attack on the protocol was demonstrated in 2017 on Livebox 2 and 3 and Neufbox 4, 6 and 6V. The flaw was quite alarming, as the attacker only had to send a blank PIN to initiate the connection. Long story short, if you’re not using WPS (many users don’t even know this feature is on their routers), disable it through your box’s management interface.
To go further, you can choose a strategy that aims to make your network as discreet as possible in an environment that is already saturated with numerous WiFi networks. One of the tips for this is to hide the network name (SSID). This means that it will no longer appear in the list of wireless networks on computers, smartphones and tablets.
It is still possible to discover the existence of a hidden network using special tools, but hiding it makes it more difficult to break into your wireless network, since knowing both the name of the network and the key is absolutely necessary to connect to it. Again, this shouldn’t be seen as a real security measure. At best it is a hindrance that will waste some of a hacker’s time.
Note that you will then have to manually enter the name, security standard and key to connect to your network.
Reduce the strength of the signal and therefore its range
Unfortunately, not all routers allow this, but one of the best ways to make your network less vulnerable to attacks is to reduce the strength of the WiFi signal. It then becomes much more difficult to connect from outside your walls, because the connection weakens.
Likewise, if your devices are compatible, use only the 5 GHz WiFi network (and disable the 2.4 GHz network): the higher you are in the radio spectrum, the more easily the signal is blocked by walls. We also recommend deactivating the WiFi network, if possible, when you are away from home for a long time, for example when you go on vacation.
Take a look at the list of clients connected from time to time
Check your router’s administration pages from time to time to see the list of connected devices, and check that every device listed is one you allow. To do this, you can use the MAC address of your devices, which, among other things, makes it possible to guess the device brand. This site allows you to find a lot of information from MAC addresses:
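The check described above can be partly automated. The following is an added example, not part of the original article: it compares a client list copied from a router page against the devices you own. The device list, the client list format and every MAC address in it are constructed for illustration.

```python
import re

# Constructed sample data: devices you own, and a client list as it might be
# copied from a router admin page. All addresses here are made up.
KNOWN_DEVICES = {
    "00:1a:2b:10:20:30": "laptop",
    "00:1a:2c:aa:bb:cc": "smart TV",
}
ROUTER_CLIENTS = """\
laptop-home   00-1A-2B-10-20-30
living-room   00:1a:2c:aa:bb:cc
unknown       DA:A1:19:01:02:03
android-xyz   00:11:22:33:44:55
"""

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")

def normalize(mac):
    """Lower-case, colon-separated form so comparisons are reliable."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    """Bit 0x02 of the first octet means the address was set by software
    (randomized or manually chosen), so its prefix identifies no vendor."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(client_text, known):
    """Return (mac, hostname, verdict) for every line containing a MAC."""
    report = []
    for line in client_text.splitlines():
        m = MAC_RE.search(line)
        if not m:
            continue
        mac = normalize(m.group(0))
        host = line[:m.start()].strip() or "?"
        if mac in known:
            verdict = "known: " + known[mac]
        elif is_locally_administered(mac):
            verdict = "unknown, randomized/locally administered address"
        else:
            verdict = "unknown, vendor prefix " + mac[:8]
        report.append((mac, host, verdict))
    return report

if __name__ == "__main__":
    for mac, host, verdict in audit(ROUTER_CLIENTS, KNOWN_DEVICES):
        print(f"{mac}  {host:<12} {verdict}")
```

A "known" verdict only means the address matches one of yours; since MAC addresses can be changed, treat the list as a prompt for a closer look, not as proof of identity.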
Choose a different login / password for the administration of your router
Imagine that an intruder managed to break into your network without your knowledge and changed your router’s configuration to reduce the risk of being discovered or to carry out an attack. It is therefore highly recommended to change the default username and password of the router, even if the administration interface is only accessible from your network. If the login/password in question is Admin/Password (unfortunately, it is usually this or something like it), change it immediately.
Complex Methods We Don’t Recommend (and Why)
Besides that, there are methods we’ve read about elsewhere on the internet that should be avoided, as they unnecessarily complicate the use of the WiFi network (and are therefore likely to be quickly abandoned) and/or don’t really improve the actual security of your WiFi network, as well as making your connection less stable.
MAC address filtering: to try it is to hate it
MAC address filtering, which is generally recommended, should be avoided for two reasons. First, and probably most importantly, it is possible to change this address, which was originally conceived as a kind of electronic watermark. Therefore, an intruder will be able to find authorized MAC addresses by brute force and pretend to be a valid device.
Second, every time you have a guest, you will need to get their MAC address and add it to the list of authorized devices to connect them to WiFi. We bet it won’t keep you entertained for more than two minutes!
Install a VPN on the home router
We have seen in other articles on the subject that some recommend configuring a VPN on your router. We believe this advice is a distortion of another, wise one: using a VPN when connecting to public WiFi networks. The idea there is to encrypt the traffic between your machine and the rest of the network and so complicate man-in-the-middle attacks.
At home, we are talking about a private network, a place where the risk of such attacks is very low (especially if you follow the advice above). So apart from helping you connect to Netflix US on all your devices at home, setting up a VPN on your router (rather than on your devices) will add absolutely no security to your WiFi network.
Finally, after testing this on several router models (especially Netgear with Voxel or DD-WRT firmware…), we found that it tends to make the connection unstable, with fairly frequent outages that can last a few minutes at a time. You then risk becoming one of the most hated people in your household, “the person who always breaks the internet connection with his hacks”, and frankly, believe me, it’s not pretty (I know something about that!).
Do you know any other tips to make your WiFi network more secure? Share your opinion in the comments!