Computer security is no longer something that applies ONLY to system administrators and other IT professionals. In this modern era, it is rare to find anyone in any developed country that does not routinely use a computer on the Internet, and home networks are everywhere. This information is intended for users at all experience levels.
Passwords are the keys to our computers and our networks. Passwords protect our email, bank, and social networking accounts just to name a few. Weak passwords are the number one way hackers compromise these accounts. There are many
reasons for compromised passwords, but the most common reasons in my experience are weak passwords that can be easily guessed or "cracked" by hackers, or passwords that are so difficult to remember that users write them down to remember them, thus making them vulnerable for a hacker to find the written password. By using a character substitution technique, you will be able to create a strong, easy to remember password that does not need to be written down on paper.
Passwords should be at least eight characters long, contain at least one upper case character, one number, and one "special character" (!, @, #, $, %, ^, &, -). The longer the password, the better, but for most people, 8 - 10 characters is enough.
Let's start with a simple password (Vacation) and by substituting a different, yet similar character, create very strong password:
I typically use the following substitutions (you can make your own if you like).
"e" = "3" (looks like a backwards "e" to me).
"a" = "@"
"i" = "!"
"l" - "1"
"o" = "0" (zero)
So by using this technique, "Vacation" becomes "V@c@t!0n." "A hacker will be able to crack "Vacation" in a matter of seconds with the right software, but may take WEEKS to crack "V@c@t!0n." In theory, by the time they are able to crack it, more than 90 days have passed and you have already changed your password to a new, even stronger, password.
Wireless networks are EVERYWHERE now - even in most homes. They offer convenience and portability, and can be easily setup by the most novice of users. However, if wireless networks are not set up securely, you leave a HUGE security hole in your home that anyone with a laptop (or desktop) computer can use the Internet on your dime.
The typical wireless network will broadcast its signal for about 900 feet. With an external antenna, I have personally witnessed someone connect to one from 30+ miles away! That may be extreme, but consider that you will have about a 900 foot radius in which almost anyone can access your network. If you are a typical home these days, you have multiple computers that are networked, and you may even have areas of your hard drives "shared" so you can copy files from your computer to another family member's computer. If someone connected to your wireless, they become part of your home network and can likely see (and access) your "shares." So if you shared your entire "C" drive (never a good idea), ANYONE can access it, and possibly even put files on it. Getting nervous yet?
Now consider that there are some extremely bad people in the world who like to download illegal pictures, music, or movies from the Internet. If they are caught in some sort of law enforcement operation anywhere in the world, the police will track the activity back to YOUR home network, and quite possibly could show up with a search warrant some weeks or months down the road. You will not be given the opportunity to defend yourself at that point, because they will likely take all your computers and analyze them for contraband. This is an extreme example, and the police would likely have to have other evidence to support their search warrant, but the fact would remain that "someone" on your home network did something illegal.
Ready to secure that wireless device yet?
This information is generic enough so that most people can either do it themselves or entrust their resident geek friend (or average high school student). Here is the prioritized way to approach securing your wireless:
1. Change the default SSID. Default SSIDs tell hackers what type of wireless device you have installed. Change it to something that is not attributed to you. Making it your last name or house number is not a good idea.
2. Change the default password! Anyone can Google your default SSID and get the default password, login, and lock you out! This is primarily an issue for older cablemodems, but I have seen them in use as recently as the Summer of 2017.
3. Turn "Broadcast SSID" to "OFF." This will prevent your wireless from sending out its name and from appearing in a list of available networks to unwanted users. Your authorized users will have to manually search for it the first time they connect.
4. Use SOME sort of encryption. WEP is the original type and is not considered secure. WPA2 is likely all you need at home.
These four steps should be sufficient, but add the following if you are REALLY paranoid!
5. Use MAC Authentication. Every network interface card has a unique MAC address. You will have to find that code and add it to your wireless access device BEFORE the user can attempt to connect. If it's not listed on your WIFI, it will not connect.
6. If you have a firewall on your network, logically place the wireless in the DeMilitarized Zone (DMZ), NOT "behind" the firewall. This way, if your wireless is compromised (hacked), the hacker will not have access to other resources behind the firewall. (I know, this last one might be a bit too geeky for some of you).