Attack types and security measures for home & public Wi-Fi
Let’s start with the basics of how to protect both home & public Wi-Fi networks. First, let’s consider the most common attack types that threaten the routers. They are: DDoS Campaigns, Brute Force, and Packet Mistreating Attacks.
Here are the basics of how to secure home and public Wi-Fi connection against these attacks:
- Don’t use a router supplied by your Internet service provider as they are less secure than commercially available routers.
- Change the default admin login credentials; set a unique username with a strong Wi-Fi password to deter remote attackers; coupling the password with the use of WPA2 secures additional protection.
- Update your router’s firmware on a regular basis. Register your router to receive regularly released firmware updates.
- Be careful when logging into the router’s web interface. Access the router in private mode to prevent the browser from saving cookies, router’s username and password.
- Don’t enable services you don’t need as they expose you to additional risks.
Advanced tips on how to secure home & public Wi-Fi
If you are a technically savvy security paranoid, here are 5 more advanced tips on how to secure home and public Wi-Fi networks and routers:
1. Specify which IP addresses can manage the router and how.
Home users generally manage a router and gain access to its web-based management interface from within the wireless local area network. If remote access is needed, users should employ a virtual private network to first securely connect to the local network and then access the router’s interface. That way, attackers can’t directly access the router from the web. Users can further lock down their routers by specifying a single IP address from which they can manage the router, in order to protect it against cross-site request forgery attacks.
2. Disable Wi-Fi Protected Setup.
Wi-Fi Protected Setup, with which routers are outfitted by manufacturers for the sake of time saving, allows new users to join the network by entering in an 8-digit PIN that, when submitted correctly, transmits the more complex pre-shared key to their device with instructions to store it in future. WPS has security flaw: an attacker within radio range could brute force the WPS PIN, gain access to passwords and start additional attacks in the network. Disable WPS on your routers and set them up the traditional way: turn on Wi-Fi, select the network, and enter in the Wi-Fi password.
3. Undertake network segmentation and MAC address filtering.
Virtual Local Area Networks within larger networks are perfect means of segmenting vulnerable & Internet of Things devices from the rest of the network. Further, users can leverage each device’s Media Access Control address (its unique identifier) in order to approve its access to the Wi-Fi network.
4. Combine port forwarding and IP filtering.
To prohibit unknown web-surfing devices from discovering a device on the local network, users can set up port forwarding: a set of inbound firewall rules that tells the router to read each incoming data packet’s source IP address and other characteristics, and then to allow sending data or to block them outright. Combination with IP filtering – specifying which IP addresses can use a specific port to reach services on the network – strengthens security more.
5. Factory firmware is weak in terms of security; custom one protects better. There are many online options for advanced users.
Thus, the above article has presented you with the basic and advanced tips on how to secure home & public Wi-Fi. In case you’re interested in more details on the topic of online security, welcome to our regular updates!
[Total: 0 Average: 0]
Interested? Try it!
There are different types of protection against thieves, both real and virtual. Offline, you can use locks and keys, fences […]
Committing digital suicide? Or just going incognito? An average American citizen has more than 130 personal accounts. It means approximately […]
There is much to recommend Privatoria. Most importantly, it keeps no logs at all and is ridiculously cheap. Although it […]