Securing a Wi-Fi network is a necessary step to limit the risk of malicious intrusions or diversion of the Internet connection. Here are some examples of methods to put in place to secure your WiFi network.

Essential security

As the news regularly shows, the risks associated with Wi-Fi connections are very real. Despite this, many consumers still too often neglect the security of their wireless network and do not change, for example, credentials provided by ISPs or router manufacturers. Contrary to popular belief, crack a poorly secured Wi-Fi network is now within the reach of the greatest number. A multitude of applications can hack a connection without any technical skills. Although zero risk does not exist, some relatively simple precautionary measures can significantly reduce the risks.

Change the default password and SSID: precautions for use

Why try cracking wireless networks well protected, while some research can find Wi-Fi networks open to all comers? Security experts keep repeating, most attackers favor the easiest targets. To realize the absolutely catastrophic state of security that prevails in some homes and businesses, just go to the search engine Shodan. This service specializes in the search for connected objects on the Internet also makes it possible to find visible routers on the network. It references poorly secured devices with often left-behind ids such as admin/admin, admin/password, and so on. In addition, attackers can easily obtain specialized web-based devices for scanning Wi-Fi networks remotely and applications to crack their passwords. Arnaud Cassagne, Director of Operations at Newlove, has unveiled some of these applications:”Among the tools used by hackers to attack Wi-Fi networks are NetStumbler which allows finding open networks, Aircrack, and AirSnort which are used to crack the keys WEP and WPA, and finally Airjack to make denials of services over Wi-Fi networks. ” You must do it to secure your WiFi network.

With this in mind, it is first necessary to immediately modify the identifiers (login and password) provided by default – get info now. Easily retrievable over the Internet, these identifiers allow no more and no less access to the administrator interface and take full control of a router. It is therefore strongly recommended to set a complex password combining a series of letters, numbers and special characters. One of the tricks is to compose an easy-to-remember phrase with different characters: “Mai $ Qu1V @ ALa?”, For example. It is also better to scramble the tracks by changing the default network name (SSID). And put a name that is not identifiable (for example web_surf, Mailbox …). In order to complicate the task of possible attackers,

Select a reliable security protocol: enable complex encryption

For many years, experts have advised leaving the old WEP encryption protocol in favor of WPA2 or ideally WPA3 if it is available. Long regarded as the best Wi-Fi protection, the WPA2 launched in 2014 has taken the lead in the wake of the discovery of critical security vulnerabilities, including that called Krack that allowed to take control of a Wi-Fi network remotely and insert a malicious charge. Even though the manufacturers were quick to plug the gap, the Wi-Fi Alliance (the organization in charge of Wi-Fi protocols) hastened to accelerate the development of the new WPA3 protocol. Officially launched in June 2018, WPA3 is deployed progressively on certified routers. Easier to configure,

In all cases, it is essential to activate one of these two protocols via the security options of the administration interface of the box or the router. In this way, the information exchanged on the network, such as the password, are encrypted and a priori inviolable. It is important to set a complex password of 10 to 12 characters minimum and change it regularly. Do not forget to always make updates that may contain important security patches. It is an important tip to secure your WiFi network.

Use MAC filtering: Control each connected device

At a time when equipment connected to the wireless network is increasing in homes, this security measure is not really the most practical to implement. Media Access Control (MAC) filtering consists of selecting one by one of the devices that you want to allow to connect to the Wi-Fi network. Each device equipped with a network interface (computer, smartphone, tablet, printer, connected speaker …) has a unique MAC address. Routers have an option to filter these addresses to define devices that can connect to the wireless network. Equipment that is not in the list of allowed MAC addresses cannot access the network.

Create a guest Wi-Fi network: protect access to your personal data

Creating a Wi-Fi network is too infrequently part of the advice on what security measures to take to protect a Wi-Fi network. This is an essential precautionary measure because the router’s Wi-Fi code not just access the Internet. But potentially all content stored on computers, NAS and other hard drives connected to the network. The majority of ISP boxes (Freebox Delta / Revolution, Orange Livebox, etc.). Now have an option to create an independent Wi-Fi network dedicated to guests with its own key WPA2 or WPA3. You must also make sure to configure the guest network to be limited to Internet access. For this, disable access to the local network in the router settings. It is the best tips to secure your WiFi network.

Disable WPS: a potentially dangerous option

Wi-Fi Protected Setup (WPS) is a handy feature for quickly connecting new devices to the Wi-Fi network. One of the most common connection methods is to press at the same time on the physical button “WPS” of the router. And the physical or virtual button of the device to be added to automatically pair it to the Wi-Fi network. Depending on the equipment, the connection can be established via a PIN code. enter, an NFC near-field connection, or a USB key containing the connection data.

This connection mode, however, suffers from a bad reputation in terms of security. Because the signal may be relatively simple to intercept for a seasoned attacker. Critical security breaches to crack Wi-Fi passwords via the WPS had notably been discovered on the boxes of Orange and SFR. To limit the risks, always check that the WPS is off by default.

Install a VPN server or router: completely lock a Wi-Fi network!

Installing a Virtual Private Network (VPN) server directly on a router or box is probably the best way to protect a local network. This method reserved for advanced users makes it possible to encrypt all the data that passes through the equipment of the house, including connected objects that can not natively manage a VPN. Once again, Free was the first operator to offer an option to create a VPN server to connect all the equipment in the home. To do this, it is strongly recommended to subscribe to a paid VPN subscription from a known. And recognized provider such as ExpressVPN, NordVPN, Vypr.VPN, or HideMyHass, for example. Better to avoid free VPNs that do not offer any guarantee. And may illegally collect all data that pass through their servers. The free services are also far too slow to handle the connections of multiple devices. It is the best tips to secure your WiFi network.

Long reserved for businesses, VPN routers are only beginning to become popular with the general public. ExpressVPN is one of the first providers to offer preconfigured routers. It offers powerful Asus, Linksys or Netgear routers with its pre-installed ExpressVPN application (from $ 260). This service offers a stable and secure wireless connection thanks to an automatic reconnection system. In general, the main VPN providers offer faster and faster speeds, close to those of the original connection. This ultimate solution is not given, but it certainly offers the highest level of security possible for a private Wi-Fi network.