Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Securing Your Wi-Fi – The Advanced Version

December 14, 2016

A previous post identified some basic steps to secure your Wi-Fi network. As promised, Graham Cluley provides some more advanced steps you can take to further enhance the security of your Wi-Fi.

  1. Specify which IP addresses can manage your router and how. I've always recommended that you only allow internal access to manage the router. You can tighten it up even more by restricting which IP addresses (or a single one) can manage the router. If you must have external access to the router, use a VPN to access the internal network and then manage the router from there. Avoid having direct access from an external IP address.
  2. Disable Wi-Fi Protected Setup (WPS). Apparently people are too lazy to select the right network and enter the correct password in order to connect to the Wi-Fi network. Manufacturers developed WPS so a user only had to enter an 8-digit PIN in order to connect to the Wi-Fi. There is a major flaw that was discovered in WPS back in 2011. Bottom line…WPS is bad and should be disabled.
  3. Consider network segmentation and Media Access Control (MAC) filtering. Some devices have the ability to define virtual local area networks (VLANs), which will allow you to isolate devices within your network. You can also configure specific MAC addresses that are allowed to connect to the Wi-Fi.
  4. Combine port forwarding and IP filtering. Instead of using Universal Plug and Play (UPnP), which sets up connections automatically, specifically configure which port is allowed to enter your network and which internal destination address will accept the connection. Think of it as hard coding a path through your router to a specific device.
  5. Install custom firmware instead of factory firmware. You better know what you're doing if you decide to go this route, but you can certainly improve your security posture with custom code.
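
A small audit of steps 1, 2 and 4 above, added here as an example (it is not from the original post or from Graham Cluley's article). It checks a router configuration written in a hypothetical dictionary schema (`mgmt_sources`, `wps`, `upnp`, `forwards`) against those recommendations; the 192.168.1.0/24 subnet and all sample addresses are assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

def audit(cfg):
    """Return findings for a router config dict (hypothetical schema).

    Missing settings are treated as insecure, so an empty config fails.
    """
    findings = []
    # Step 1: management only from internal addresses, ideally specific hosts.
    for src in cfg.get("mgmt_sources", ["0.0.0.0/0"]):
        net = ipaddress.ip_network(src)
        if not net.subnet_of(LAN):
            findings.append(f"mgmt: {src} is not internal; use a VPN instead")
        elif net == LAN:
            findings.append("mgmt: whole LAN allowed; restrict to specific hosts")
    # Step 2: WPS should be disabled.
    if cfg.get("wps", True):
        findings.append("wps: enabled")
    # Step 4: no UPnP; each forward names a port, a source and an internal target.
    if cfg.get("upnp", True):
        findings.append("upnp: enabled; forwards can be created automatically")
    for fwd in cfg.get("forwards", []):
        src = ipaddress.ip_network(fwd.get("src", "0.0.0.0/0"))
        if src == ANY:
            findings.append(f"forward {fwd['port']}: open to any source address")
        if ipaddress.ip_address(fwd["dest"]) not in LAN:
            findings.append(f"forward {fwd['port']}: {fwd['dest']} is not internal")
    return findings

# Constructed sample configs (203.0.113.0/24 is a documentation range).
WEAK = {"mgmt_sources": ["0.0.0.0/0"], "wps": True, "upnp": True,
        "forwards": [{"port": 3389, "dest": "192.168.1.50"}]}
HARDENED = {"mgmt_sources": ["192.168.1.10/32"], "wps": False, "upnp": False,
            "forwards": [{"port": 443, "src": "203.0.113.10/32",
                          "dest": "192.168.1.50"}]}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```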

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com