Having an open wireless network is a security risk as it may allow anyone close enough to your router (e.g., a neighbor or someone war driving) to access your network. To make your home wireless network more secure, consider the below suggestions.

Close the network

If you have never been prompted for a key, password, or passphrase when connecting to your wireless network, it is an unsecured network. In other words, if anyone is close enough to your router, they could connect to your network. To enable security, open your router setup screen and look for a Wireless Security section. The picture shown here is an example of a Linksys router set up in the Wireless Security section.

The steps below require access to the router setup, and we also recommend configuring wireless security over a computer with a wired connection to the router if possible. For help entering the router setup, see: How to access a home network router setup or console.

Because all routers are different we cannot provide specific steps for every router. Check your router’s documentation for exact instructions.

Select the wireless security method of either WEP, WPA, or WPA2 (we suggest WPA or WPA2, which is mentioned further down on this page). The, enter a passphrase to generate the keys. After enabling security on the router, any wireless device must have the key to connect to your network.

Change default password

Make sure the router password is not using the default password. If the default password is used, it can be easily guessed and give someone access to your router. With access to the router setup, a person could change your router settings, including viewing any security keys.

If available use WPA, not WEP

Many routers today offer two or three different security schemes: WEP, WPA, and WPA2. We recommend WPA or WPA2 security since it is more secure than WEP. However, for compatibility with some older devices, such as gaming consoles, TiVo, and other network devices, WEP may be the only security option possible to use. Using WEP is still better than no security at all.

Disable remote administration

When enabled, remote administration allows anyone close enough to your router to view or change your router settings. If you never plan on remotely administrating your network (e.g., wirelessly connecting to the router), we recommend disabling remote administration. With routers that support this option, it is often disabled through the Administration section.

When disabled, the router settings can still be changed using any computer that is directly connected to the router using a network cable.

Change the default SSID name

The SSID is the name that identifies your wireless router. By default, many routers use the name of the router as the default SSID. For example, Linksys routers use ‘Linksys’ as the SSID. Using a default SSID is a security risk, because it identifies the brand of the router. It would help an attacker find a way to exploit vulnerabilities in the device.

Enable router firewall

Many routers also have a firewall that can be enabled. If available, we also suggest enabling this feature, as it helps add an extra layer of security to your network.

When naming the router, do not use your family’s name or any other personally identifiable information. For example, if the SSID contains your family’s last name, it can be identified by any neighbor that knows you.

Disable SSID broadcast

To help make finding your wireless network easier, wireless routers broadcast your SSID, which means anyone looking for a wireless router could see your SSID. To help make it more difficult for someone to find your network when browsing for a wireless network, you can disable the SSID broadcast feature. However, when disabling the SSID broadcast, it requires you manually enter your router’s unique SSID when connecting any new device to your network.

Enable wireless MAC filter

The wireless MAC filter feature only allows a wireless device to connect to your router if the MAC Address is entered in the filter list. Doing MAC filtering can make connecting new devices to your network more difficult, but improves the overall security of your wireless network.

A quick and easy way to set this up is to connect any wireless device you want on your network to your router before enabling the wireless MAC filter. After each device has connected, access the router setup and open the DHCP client table, often found in the Status or Local Network section. Each device connected to your router can be copied to the Notepad, then pasted in the wireless MAC filter section of the router Security section.

  • How to protect yourself while on the Internet.
  • See the router definition for further information and related links.
  • Network and network card help and support.