Need help setting up home wifi security.

[igniz12]

So I finally decided to try and set up some security for our home wifi and I dont have the confidence to prod away at it without the risk of ending up doing something really bad...

What Im looking to do:
. Set up home wifi for 3 person use
. Admin(me) not around to give out wifi access all the time
. Need simple solution that secures wifi but allows people in the house access at anytime

Is it possible to do something like this?

Idk if this is important but the number of devices(phones, tablets etc) looking to access this wifi is maybe around 4-5.

 

[samuria]

You dont say what router but the simplest and most secure is to have it password protected and also set to only allow know mac address on to the network so no stranger can get on it. For that you get people to login then find their mac address on the router once you have them all add those mac address to allowed and you safe as you can be

 

[igniz12]

Im sorry, I didnt mean to leave any important info out. The router is actually a Cisco brand broadband modem/router from my isp, not sure on the exact model. I'll try to look it up if its really important or any other info I should mention beforehand.

So I can setup the wifi to only accept trusted devices? Do I actually need to find the mac address for each device or just let them connect to the wifi and then select them from my desktop/router setup page?

 

[UsernameIssues]

The steps that you need to take will vary with each router.

To do the steps below, use a computer that connects to your modem by using a LAN cable (not via Wi-Fi). You can use a Wi-Fi connected computer. It just takes a few more steps.

Open a command prompt window.
Type in IPCONFIG
Press Enter
Look for a line that says something like:

Ethernet adapter Local Area Connection:

(It will be a bit different if you are using Wi-Fi.)


In that section of info, find a line that looks like this:

Default Gateway . . . . . . . . . : [COLOR=Red]192.168.0.1[/COLOR]

Open a browser (e.g. Internet Explorer) and surf to that gateway IP address.
(In some rare cases, you might encounter a router that does not have its web based interface on the same IP address as the default gateway.)

Hopefully, the router will ask for a username and password. Those credentials are probably on a sticker on the outside of your router... unless you or your ISP changed those credentials. Once you get logged in to the router, then add a key (password) to the Wi-Fi and restart the router.

Set up each device in your home to make use of your newly added Wi-Fi key Once those devices are connected, you can look around in the router's web based interface (the web pages that you access via surfing to the default gateway) to see if there is a list of connected devices. That list often times shows the MAC address of each connected device.

 

[Alejandro85]

A few quick tips on top of my head:

- Always setup the use of strong encryption protocol. Use WPA2-PSK only (WEP and others are broken already).
- Change the default passwords of both WiFi access point and the web admin interface. Make sure of using a strong, different password for each one.
- Use a good password manager to create and secure both passwords. Using easy-to-remember ones is an open invitation to hackers.
- Disable administration from the WAN, only connect from the LAN side to the web interface. If you ever require to administrate the router from the outside, use some remote access to a computer on the LAN and use that to do the work.
- Use only HTTPS to access the web interface.
- Do not forward any port that you won't use.
- Disable WPS and uPnP, as both bring flaws with them.
- Allowing anyone access to the WiFi network only requires you to provide him with the password. Some passwords managers ease this somewhat, but generally good passwords are difficult to type and share. This is the price you pay for security.


A few things that do NOT provide security, but do provide some illusion of safety:

- MAC address filter, it's known as unreliable and difficult to use. MACs can be trivially spoofed and inexperienced users have a hard time finding it, also you need to whitelist each one. Just keep strict control on who knows the password.
- SSID hiding is also a bad thing to do. Not only it's still trivially easy to know the SSID, but also hiding it seriously compromises your privacy. SSIDs are always meant to be public, so let the router broadcast its name in the open, and put your security in the password where it belongs.