Saturday, February 11, 2017

Security: Home Network

In this part we will be discussing your home network in general, mostly it will be about optimizing your local network, but at the same time giving your devices some security boost.

This article is for intermediate and advanced users, kind of, because we go into the deep core of your network, anything that is done wrong can literally make your network not function. So please, if any of this is unfamiliar to you, or hard to understand and you still want to do them then find a technician or someone that is tech savvy and you trust. Use caution, anything you do from this point on is your responsibility.

Securing Your Wi-Fi Network:
At this day and age, this should be the first thing to do, in fact, it should be done already, however since not everyone is tech savvy and that is completely understandable, we might still see the rare occasion of a private Wi-Fi spot unprotected, or using legacy and weak security measures. I blame the technician that set it up in that case, if any.

The first step is thinking of a password for your Wi-Fi network, it shouldn’t be too complicated or too easy. It also shouldn’t be something too obvious, like your name or your pet’s name. Pick your favorite celebrity and maybe a year that has a meaning to you for example (avoid birthdays). Here is a suggestion: Nexon1923, or if your router allows it, add a hyphen: Nexon-1923. Even better, mix it up: NexoN-1923.

When I tell people that password form idea, they always think I’m joking. I’m not. You should basically be after a hard to guess password that is easy to remember, the more you mix it with upper and lower case letters, hyphens and numbers, the better. Imagine having to re-enter the password on all your devices and it’s something like “akjnsAJN564-kf55$klaj”. Hey, if you’re into that and can do it, then go for it. In most cases though, you don’t need something as complicated.

After choosing your password, please, change your security type to WPA2, the legacy WEP and WPA are relatively easy to exploit, especially WEP. I honestly have no idea why it still exists, though I’m sure there is a deep technical reason behind it, for this user though, I’m sticking to WPA2.

For WPA2 encryption type, I pick AES, to explain this shortly, it basically turns your password into a long hash (a string). For more details on AES, please read this article on Wikipedia.

The reason I choose AES instead of TKIP is because it is no longer considered to be secure, if you search with the terms “AES vs TKIP” I’m sure you’ll find many detailed articles about the differences, and why AES, so far, is a superior choice of encryption.

In short, though, TKIP is old, it was the standard for WEP security, which as I mentioned, is really weak and should never ever be used. AES was introduced with WPA2 security protocol.

Default Router Password:
Thankfully, this is starting to disappear, however, many households still have old routers or were supplied with devices by uncaring ISPs that have the default user name and password with something as simple as “admin”.  Though many ISPs are starting to provide routers with pre-generated passwords that are usually on a sticker provided in the router’s box.

If your router can be accessed with a simple default password, then please, either you or preferably a technician should change that immediately, to anything that is easy to remember but hard to guess.
The only person that should have access to the root of your router is you, or the operator of the router. If you invite someone to your house, and they ask for your Wi-Fi password, they would basically have full control over your network. They could alter settings, or even lock you out of your own network, which would result in you having to reset everything and going through the hassle of reading this article all over again.

Wi-Fi Access Filtering: (Highly Optional)

Almost all routers provide an option for WLAN filtering, which is basically allowing specific devices, even if they know the Wi-Fi Password, to connect. If someone has or knows the password, and their devices is not on the “white-list”, then they will not be allowed to connect.

The reason I said this is highly optional is that most households don’t need this, in fact, this could be a hassle if you have many people visit you and ask for internet access via Wi-Fi, because every time someone gets access, you’ll have to manually add their device to the list. Only do this as an extra security measure, not because it’s a must.

If you go to your WLAN settings, you’ll most likely be able to see a tab or a link to “WLAN Filtering”, open it, a page should be generated with two options “Allow devices in the list to connect” or “Deny devices in the list to connect”, it’s basically a white-list or a black-list option. You either deny, or only allow specific people in. For this example, we’ll go with the Allow, or, white-list.
Under that you should see a form list, with something like “MAC 01” or “MAC Address” and there should be an option to “Add a MAC Address”.

A MAC Address is a unique string that every device has, it is used to identify your device from another, even if they’re both the same brand, from the same shop and have the same specifications. It’s usually strings separated by either : or -, for example “01:23:45:67:89:ab”.

MAC Address on Windows:
To get your MAC Address on Windows, open cmd.exe then type getmac and press enter, it should list the address there, then all you have to do is copy that address and add it to your router’s whitelist.

MAC Address on Mac OS:
Click on the Apple menu, and then click on System Preferences -> Network -> Choose Wi-Fi from the list -> Hardware tab. You’ll need to be connected to a network already to view that MAC Address.

MAC Address on Linux:
Open Terminal, and as root, type “ifconfig -a”, the number next to HWaddr should be your MAC Address.

MAC Address on iOS:
Open Settings -> General -> About -> Wi-Fi Address

MAC Address on Android:
Open Settings -> More -> About Device -> Status ->Wi-Fi MAC Address

Your network security is important, especially if you have all your devices connected to them, neglecting that could jeopardize any or all the devices connected.

Passwords are important too, but they don’t have to be rocket science. Avoid “12345”, or “snowballs”, your pet, as a password. If you can afford doing the optional measures, by all means do it, if not, then at least follow the basic standards of securing your network.


Post a Comment