12 Ways to Secure Your Wi-Fi Network

Sometimes the best thing to say about a wireless router in your house is that once it's set it, you forget it exists. As long as the devices that need the Wi-Fi connection can get on and function, that's all that matters, right?

Maybe, but we also live in the age of leaks, wiki and otherwise. If you're worried about the security of your home and by extension your personal data—especially from hackers who could casually sit in a car outside and get access to your systems—then you need to put a padlock on that wireless. You may also want to prevent others from using your network, and freeloaders alike.

So what do you do? Follow these tips and you'll be well ahead of most home Wi-Fi users. Nothing will make you 1,000 percent safe against a truly dedicated hack. Crafty social engineering schemes are tough to beat. But don't make it easy on them; protect yourself with these steps.

---

Time-Tested Wi-Fi (and All Around) Security

Change Your Router Admin Username and PasswordEvery router comes with a generic username and password—if they come with a password at all. You need it the first time you access the router. After that, change them both. Immediately. The generic usernames are a matter of public record for just about every router in existence; not changing them makes it incredibly easy for someone who gets physical access to your router to mess with the settings.

If you forget the new username/password, you should probably stick to pencil and paper, but you can reset a router to its factory settings to get in with the original admin generic info.

Change the Network NameThe service set identifier (SSID) is the name that's broadcast from your Wi-Fi to the outside world so people can find the network. While you probably want to make the SSID public, using the generic network name/SSID generally gives it away. For example, routers from Linksys usually say "Linksys" in the name; some list the maker and model number ("NetgearR6700"). That makes it easier for others to ID your router type. Give your network a more personalized moniker.

It's annoying, but rotating the SSID(s) on the network means that even if someone had previous access—like a noisy neighbor—you can boot them off with regular changes. It's usually a moot point if you have encryption in place, but just because you're paranoid doesn't mean they're not out to use your bandwidth. (Just remember, if you change the SSID and don't broadcast the SSID, it's on you to remember the new name all the time and reconnect ALL your devices—computers, phones, tablets, game consoles, talking robots, cameras, smart home devices, etc.

Activate EncryptionThis is the ultimate Wi-Fi no-brainer; no router in the last 10 years has come without encryption. It's the single most important thing you must do to lock down your wireless network. Navigate to your router's settings (here's how) and look for security options. Each router brand will likely differ; if you're stumped, head to your router maker's support site.

Once there, turn on WPA2 Personal (it may show as WPA2-PSK); if that's not an option use WPA Personal (but if you can't get WPA2, be smart: go get a modern router). Set the encryption type to AES (avoid TKIP if that's an option). You'll need to enter a password, also known as a network key, for the encrypted Wi-Fi.

This is NOT the same password you used for the router—this is what you enter on every single device when you connect via Wi-Fi. So make it a long nonsense word or phrase no one can guess, yet something easy enough to type into every weird device you've got that uses wireless. Using a mix of upper- and lowercase letters, numbers, and special characters to make it truly strong, but you have to balance that with ease and memorability.

Double Up on Firewalls The router has a firewall built in that should protect your internal network against outside attacks. Activate it if it's not automatic. It might say SPI (stateful packet inspection) or NAT (network address translation), but either way, turn it on as an extra layer of protection.

For full-bore protection—like making sure your own software doesn't send stuff out over the network or Internet without your permission—install a firewall software on your PC as well. Our top choice: Check Point ZoneAlarm PRO Firewall 2017; there a free version and a $40 pro version, which has extras like phishing and antivirus protection. At the very least, turn on the firewall that comes with Windows 8 and 10.

Turn Off Guest NetworksIt's nice and convenient to provide guests with a network that doesn't have an encryption password, but what if you can't trust them? Or the neighbors? Or the people parked out front? If they're close enough to be on your Wi-Fi, they should be close enough to you that you'd give them the password. (Remember—you can always change your Wi-Fi encryption password later.)

Use a VPN

A virtual private network (VPN) connection makes a tunnel between your device and the Internet through a third-party server—it can help mask your identity or make it look like you're in another country, preventing snoops from seeing your Internet traffic. Some even block ads. A VPN is a smart bet for all Internet users, even if you're not on Wi-Fi. As some say, you need a VPN or you're screwed. Check our list of the Best VPN services.

Update Router FirmwareJust like with your operating system and browsers and other software, people find security holes in routers all the time to exploit. When the router manufacturers know about these exploits, they plug the holes by issuing new software for the router, called firmware. Go into your router settings every month or so and do a quick check to see if you need an update, then run their upgrade. New firmware may also come with new features for the router, so it's a win-win.

If you're feeling particularly techie—and have the right kind of router that supports it—you can upgrade to custom third-party firmware like Tomato, DD-WRT or OpenWrt. These programs completely erase the manufacturer's firmware on the router but can provide a slew of new features or even better speedscompared to the original firmware. Don't take this step unless you're feeling pretty secure in your networking knowledge.

Turn Off WPSWi-Fi Protected Setup, or WPS, is the function by which devices can be easily paired with the router even when encryption is turned because you push a button on the router and the device in question. Voila, they're talking. It's not that hard to crack, and means anyone with quick physical access to your router can instantly pair their equipment with it. Unless your router is locked away tight, this is a potential opening to the network you may not have considered.

---

'Debunked' Options

Many security recommendations floating around the Web don't pass muster with experts. That's because people with the right equipment—such wireless analyzer software like Kismet or mega-tools like the Pwnie Express Pwn Pro—aren't going to let the following tips stop them. I include them for completion's sake because, while they can be a pain in the ass to implement or follow up with, a truly paranoid person who doesn't yet think the NSA is after them may want to consider their options. So, while these are far from foolproof, they can't hurt if you're worried.

Don't Broadcast the Network Name

This makes it harder, but not impossible, for friends and family to get on the Wi-Fi; that means it makes it a lot harder for non-friends to get online. In the router settings for the SSID, check for a "visibility status" or "enable SSID broadcast" and turn it off. In the future, when someone wants to get on the Wi-Fi, you'll have to tell them the SSID to type in—so make that network name something simple enough to remember and type. (Anyone with a wireless sniffer, however, can pick the SSID out of the air in very little time. The SSID is not so much as invisible as it is camouflaged.)

Disable DHCPThe Dynamic Host Control Configuration Protocol (DHCP) server in your router is what IP addresses are assigned to each device on the network. For example, if the router has an IP of 192.168.0.1, your router may have a DCHP range of 192.168.0.100 to 192.168.0.125—that's 26 possible IP addresses it would allow on the network. You can limit the range so (in theory) the DHCP wouldn't allow more than a certain number of devices—but with everything from appliances to watches using Wi-Fi, that's hard to justify.

For security, you could also just disable DHCP entirely. That means you have to go into each device—even the appliances and watches—and assign it an IP address that fits with your router. (And all this on top of just signing into the encrypted Wi-Fi as it is.) If that sounds daunting, it can be for the layman. Again, keep in mind, anyone one with the right Wi-Fi hacking tools and a good guess on your router's IP address range can probably get on the network even if you do disable the DHCP server.

Filter on MAC Addresses
Every single device that connects to a network has a media access control (MAC) address that serves as a unique ID. Some with multiple network options—say 2.4GHz Wi-Fi, and 5GHz Wi-Fi, and Ethernet—will have a MAC address for each type. You can go into your router settings and physically type in the MAC address of only the devices you want to allow on the network. You can also find the "Access Control" section of your router to see a list of devices already connected, then select only those you want to allow or block. If you see items without a name, check its listed MAC addresses against your known products—MAC addresses are typically printed right on the device. Anything that doesn't match up may be an interloper. Or it might just be something you forgot about—there is a lot of Wi-Fi out there.

Turn Down the Broadcast Power
Got a fantastic Wi-Fi signal that reaches outdoors, to areas you don't even roam? That's giving the neighbors and passers-by easy access. You can, with most routers, turn down the Transmit Power Control a bit, say to 75 percent, to make it harder. Naturally, all the interlopers need is a better antenna on their side to get by this, but why make it easy on them? via pcmag

Read more »

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

Google’s July 2017 security fixes for Android are out.

As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.

RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.

Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.

In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.

The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.

Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.

There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.

We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.

(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.

According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.

In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…

…and end up with the same programmatic powers as the Android operating system on your device.

Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.

Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.

The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.

Until then, all we really have are teasers for his forthcoming talk, and a the funky-sounding name BroadPwn for the vulnerability.

(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)

Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”

What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.

Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.

Once again, if you are worried, ask your supplier or mobile carrier.

Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.

A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.

via nakedsecurity

Read more »

Routers don't keep you safe from hackers

Many people assume that their router will keep them safe from hackers. It couldn't be further from the truth. There are a few things that routers offer, but they aren't enough.

Port blocking isn't enough because hackers can get in through other ports.

Unless you have an enterprise level router, the hardware is too weak to do much. 90% of people just have the router their ISP provides. It just doesn't have enough horsepower to do any meaningful analysis of traffic or any intelligent threat detection.

Routers have static security measures that are outdated the moment they leave the factory. Hackers are constantly updating their tactics. This is why CUJO has security features that are intelligent and adapt to new threats. CUJO is constantly learning and updating every second.

To use an analogy, your typical router protects you as much as having a nice white picket fence around your house. Don't have a false sense of security, get a guard dog like CUJO :)

Right now CUJO doing a limited time offer: you can get a CUJO with a $0 subscription for only $249. Click here to add it to your cart.

Read more »

25 Scariest Things You Didn't Know About Using Public Wi-Fi

Read more »

EnGenius' SOHO wireless router

Create your own wireless network with the EnGenius' SOHO wireless router. EnGenius ESR Series will provide you with a low-cost high powered Wi-Fi router that will extends your network's wireless range. Connect the ESR Series to any broadband modem and wirelessly share your high-speed Internet connection. Enjoy surfing the web, checking e-mail, and chatting with family and friends online. Reach the places your previous router would not go with EnGenius ESR Series high powered radio and extended range coverage.

Parents can also use EnShare to remotely monitor Cloud Router usage or disconnect devices connected to the IoT Cloud Router whenever they're away from home via an Internet connection.

Learn more >>>

EnGenius ESR350 802.11b/g/n Router with 4 ...
The ESR350 is a 2.4 GHz Wireless N300 IoT Cloud Router with a 4-Port Gigabit Ethernet s... [More]

Price: $81.99

Buy Now

The ESR350 is a 2.4 GHz Wireless N300 IoT Cloud Router with a 4-Port Gigabit Ethernet switch, Gigabit Ethernet WAN port and USB port. With the free EnShareT app, families can use their Apple iPhones, iPads or Android-based tablets or smartphones to transfer video, music and other files to and from a router-attached USB hard drive when they are in the home or when they are away from home.

Features:

• ESR350 2.4GHz Wireless-N 802.11b/g/n router with 4 port GigE switch.
• Broadband Frequency Band: 2.4 GHz
• Data Rate: 300 Mbit/s
• Frequency Range: 2.412-2.472 GHz
• WiFi Deployment Type: Standalone / Controller-Based
• WiFi Standard: 802.11b / 802.11g / 802.11n
• WiFi Security: WEP / WPA / WPA2
• Environment: Indoor
• Temperature Range: 0-40 deg C
• Data Connectors: 1x Gigabit WAN Port, 4x Gigabit LAN Ports, 1x USB 2.0 Port
• Power Supply: DC IN, 12V 1.5A
• Mfg. Warranty: 1 Year

Read more »

Nine Wi-Fi gadgets that reflect IoT momentum

With predictions of billions of new devices with wireless connectivity over the coming years, the “Internet of Things” is expected to have a major influence on multiple verticals and consumers’ everyday lives. And it turns out that already, everything from dog dishes to stuffed animals to vacuums and home appliances are getting connected.

Cisco’s Mobile Visual Networking Index for 2016 estimates that machine-to-machine connections will grow from 604 million last year to 3.1 billion by 2020, reflecting five-fold growth.

“M2M connections – such as home and office security and automation, smart metering and utilities, maintenance, building automation, automotive, health care and consumer electronics, and more – are being used across a broad spectrum of industries, as well as in the consumer segment,” Cisco concluded. In the wearables market specifically, Cisco projects there will be 601 million devices globally by 2020 – and most of those devices will be connected by a noncellular technology such as Bluetooth or Wi-Fi, with only 7% expected to be cellular-equipped.

While Linksys’ H2O router claimed to provide Wi-Fi coverage up to 10,000 feet underwater was an April Fool’s joke, there are more than enough real envelope-pushing Wi-Fi gadgets on the market or in development to prove that for Wi-Fi, the IoT is already here. Some of these include:

-Amazon.com’s Wi-Fi-enabled Dash buttons currently serve more than 100 brands with one-touch reordering in the home, enabling consumers to push a button and automatically place an order with Amazon. The buttons are available at $5 a pop, with the cost recouped in a $5 credit on the first product order. Perhaps more interestingly, Amazon is now partnering with other brands to incorporate Dash ordering capabilities in its Dash Replenishment Program and has released an API to encourage such development. Samsung, General Electric and others have signed up to build hardware that can re-order products without any intervention. A Whirlpool Smart Dishwasher, for example, can calculate how much product it has used compared to what’s available in a typical product size and re-order via Dash when the supply is running low.

-San Diego, California-based start-up BIGaVu connects teddy bears via Wi-Fi to provide music and voice messages from parents, and reacts to online games to provide entertainment for children who are in the hospital. The company recently unveiled prototypes of its bears and has a therapies-on-demand hardware and software platform.

-Jenn-Air added the brand’s first Wi-Fi enabled refrigerator to its lineup, which can be controlled via an Apple iOS or Google Android application for monitoring or directing tasks such as making extra ice. It’s set to be available later this year.

-The June computerized counter-top oven sends updates on cooking process to a smartphone app via Wi-Fi and can provide live video from inside the appliance, as well as a push notification when the dish is done. It also gets software updates via Wi-Fi. June recently raised $22.5 million in Series A funding and plans to start shipping ovens for the 2016 holiday season.

-In addition to its Bluetooth-enabled wearables, Fitbit has a Wi-Fi enabled scale that integrates with its Fitbit app. The fitness wearables market is a popular one for the integration of both Bluetooth and Wi-Fi; a new fitness tracking solution recently touted by Naked Labs includes a scanning mirror and a scale that doubles as a turntable so users are presented with a 360-degree view of their bodies and “heat maps” of changing areas to visually track their fitness progress. That offering is expected to be available in March 2017.

-The Petnet Wi-Fi-enabled SmartFeeder for pets has an app (for iOS only) designed to allow an owner to schedule automatic feedings while they are away. The app has a re-ordering option supported by Amazon’s Dash Replenishment Service and also recently added integration with Google’s Nest Cam.

–Foobot is an indoor air quality monitoring device with Wi-Fi connectivity designed to measure volatile organic compounds and particulate in the home, along with carbon monoxide, carbon dioxide, temperature and humidity.

-IRobot introduced embedded Wi-Fi connectivity to its Roomba vacuuming robot product line last year, with the Roomba 980 model that can be remotely controlled and scheduled via an Android or iOS app. Previously, workarounds were available for customers who wanted to control their Roombas via wireless, but the newest addition builds in Wi-Fi capabilities.

via RCRWireless

Read more »