Securing Your Household Wifi
The majority of electronic devices today are wireless capable and, not surprisingly, toasters and thermostats have also joined the herd of cell phones and iPads in demanding their daily bandwidth IV drip. As wireless traffic increases, so does the frequency of the encrypted handshakes your devices perform, which is what modern cracking software relies on. This is the method I have used ever since I was hacked; it might sound paranoid to someone who wasn’t hacked.
Consider buying an additional router to use as your dedicated wireless device, then disable the wireless radio on your primary router. An N-capable router will go for as little as $20 new or refurbished so cost is not an excuse. I would recommend a router capable of running a 3rd-party firmware such as DD-WRT or OpenWrt because the feature sets make the next steps very easy. Check DD-WRT’s router database to see if your router is supported. As with all open-source projects, if you care to contribute money or time to the DD-WRT team for making this possible, we would greatly appreciate that!
I will outline two methodologies: one for a DD-WRT router, the other for any router. But first, do the following in either case:
1. Set up your dedicated wireless router using WPA2-Personal and pick a complex password. Not a word, not several words, but some random letters, numbers, and characters, and write it down somewhere. Length is the key here. I would suggest 20 characters. Hackers can’t hack paper.
2. Use MAC filtering to ensure only your devices are allowed to connect. Every network-capable device has a unique ID called the Media Access Control address. It is a 6-part hexadecimal code in a “XX:XX:XX:XX:XX:XX” pattern. You can usually find a device’s MAC address in its ‘settings,’ ‘device info,’ or ‘about’ tab or section.
3. Disable SSID broadcasting. This removes your wireless connection’s name from the airspace and keeps the novice hacker from homing in on your connection.
4. Limit your DHCP connections to as few as possible. If you own 10 devices, set the range to 10. This extra level of security is a mild nuisance for some, but it doesn’t make sense to allow 50 devices wireless access if you don’t have that many, does it?
At this point, if you aren’t using a DD-WRT supported router, you can disable your household’s wireless by turning off your wireless router. I would recommend using a power outlet wired to a switch, or putting a switch in-line with the power transformer. You could also just pull the plug out of the back. When you leave, or when you sleep at night, disabling your wireless ensures none of your devices are needlessly providing more opportunities for eavesdroppers. Keep in mind that this may wear out your router prematurely, which is why I recommend the DD-WRT way.
If you have selected a DD-WRT supported router, a large feature set awaits you. If your router has an SES/AOSS/EZ-SETUP button on it, usually marketed as the easy way to connect new devices to your router, we can reprogram that button to enable/disable the wireless radio. Icons on the box or the device will illustrate this option to you.
DD-WRT also provides real-time graphs of internet traffic and a list of all of the devices connected and who is using what. This opens up some real possibilities in determining noisy devices, and exactly how much bandwidth you consumed when you decided to stream the first season of BSG on Netflix for three days straight.
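The device list can also be checked against the MAC allowlist from step 2 and the DHCP pool size from step 4. The script below is an added example, not part of the original post: it assumes the router's DHCP server is dnsmasq and that you have a copy of its lease file, and the file names and all sample data are constructed.

```shell
#!/bin/sh
# Added example: audit DHCP leases against the MAC allowlist (step 2) and the
# DHCP pool size (step 4). Assumes dnsmasq lease-file lines:
#   <expiry-epoch> <mac> <ip> <hostname> <client-id>

# audit_leases ALLOWLIST LEASES POOL_SIZE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_leases() {
    awk -v pool="$3" '
        function norm(m) { m = tolower(m); gsub(/-/, ":", m); return m }
        function is_mac(m,   p, i) {
            if (split(m, p, ":") != 6) return 0
            for (i = 1; i <= 6; i++)
                if (p[i] !~ /^[0-9a-f][0-9a-f]$/) return 0
            return 1
        }
        { sub(/#.*/, "") }                       # strip comments
        FILENAME == ARGV[1] {                    # allowlist: one MAC per line
            if ($1 != "") allowed[norm($1)] = 1
            next
        }
        NF >= 3 {                                # lease line
            leases++
            mac = norm($2)
            if (!is_mac(mac))           { print "MALFORMED " $2; bad = 1 }
            else if (!(mac in allowed)) { print "UNKNOWN " mac " " $3 " " $4; bad = 1 }
        }
        END {
            if (leases > pool) { print "POOL_EXCEEDED " leases "/" pool; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" "$2"
}

# Constructed sample data: two household devices plus one unexpected client.
sample_dir=$(mktemp -d)
cat > "$sample_dir/allow.txt" <<'EOF'
AA-BB-CC-00-11-22   # laptop (vendor tools often print dashes/uppercase)
aa:bb:cc:00:11:33   # phone
EOF
cat > "$sample_dir/leases.txt" <<'EOF'
1700000000 aa:bb:cc:00:11:22 192.168.1.100 laptop 01:aa:bb:cc:00:11:22
1700000300 aa:bb:cc:00:11:33 192.168.1.101 phone *
1700000600 de:ad:be:ef:00:01 192.168.1.102 * *
EOF
audit_leases "$sample_dir/allow.txt" "$sample_dir/leases.txt" 2 || echo "review findings above"
```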
You could also tell DD-WRT to enable and disable the wireless radio via a timetable, detailing specific hours of days for on and off. This is useful if your schedule is rigid and you know you only use your connection, say, weekday mornings/afternoons and weekends.
If you’re clever, you could configure DD-WRT to allow you to toggle the wireless radio remotely via an SSH script as well.
NOTE: If you rely on any of your wireless devices to run updates or backups at night, I would suggest a wired alternative or simply leaving the connection on at night. The choice is yours.
NOTE for GAMERS: I would suggest positioning your rig close enough to your primary router that you can hard wire it for the best ping rates and response times. I only recommend using wireless connections for devices that don’t have an ethernet port or don’t partake in time-sensitive exchanges.