Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Securing Your Wi-Fi – The Advanced Version

December 14, 2016

A previous post identified some basic steps to secure your Wi-Fi network. As promised, Graham Cluley provides some more advanced steps you can take to further enhance the security of your Wi-Fi.

Specify which IP addresses can manage your router and how. I've always recommend that you only allow internal access to manage the router. You can tighten it up even more by restricting which IP addresses (or a single one) can manage the router. If you must have external access to the router, use a VPN to access the internal network and then manage the router from there. Avoid having direct access from an external IP address.
Disable Wi-Fi Protected Setup (WPS). Apparently people are too lazy to select the right network and enter the correct password in order to connect to the Wi-Fi network. Manufacturers developed WPS so a user only had to enter an 8-digit PIN in order to connect to the Wi-Fi. There is a major flaw that was discovered in WPS back in 2011. Bottom line…WPS is bad and should be disabled.
Consider network segmentation and Media Access Control (MAC) filtering. Some devices have the ability to define virtual local area networks (VLANs), which will allow you to isolate devices within your network. You can also configure specific MAC addresses that are allowed to connect to the Wi-Fi.
Combine port forwarding and IP filtering. Instead of using Universal Plug and Play (UPnP), which sets up connections automatically, specifically configure which port is allowed to enter your network and which internal destination address will accept the connection. Think of it as hard coding a path through your router to a specific device.
Install custom firmware instead of factory firmware. You better know what you're doing if you decide to go this route, but you can certainly improve your security posture with custom code.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com

John W. Simek
Vice President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Your IT Consultant

Securing Your Wi-Fi – The Advanced Version

Subscribe for More!

Popular Categories

Listen to the Podcast

Disclaimer