How to protect your Wi-Fi network from snoopers...including Google

Stop break-ins and privacy-invaders. If you had done all this, you would have been safe from Street View snooping.

A lawsuit against Google for snooping on Wi-Fi networks is moving forward, and it should raise this question for you: Just how safe is your own network against snoopers? If you've got a small wireless network you use for business or home, here's how you can protect yourself against break-ins and snoopers.

The suit against Google concerns the data collection Google did for Street View, in which it not only photographed streets and houses, but also snatched passwords, e-mail, and other personal information from home Wi-Fi networks. (Google no longer does that.) Here are some simple steps you can take, and tools to use, to help protect your work or home wireless network -- and that would have protected you against Google's WiFi snooping.

Properly encrypt your network

Start with the basics, of course: Encrypt your network. You'd be surprised how many people simply don't do that. Make sure that you use the strongest encryption possible. So avoid WEP and opt for WPA -- and use WPA2 rather than WPA. If you use even stronger encryption, make sure that all the devices that need to access your network can use it.

Change the default administrator password

Also, make sure to change your default administrator password and user name. Most people don't do this. If you don't, it's an invitation for someone to take control of your wireless network, because the default administrator user names and passwords of routers are well-known and can be used by anyone. You typically change your password on the login screen.

Disable SSID Broadcasting

Your service set identifier (SSID) is your network's name. If people know the name, and see it in plain sight, it'll be easier for them to break into it. Your router broadcasts its SSID, and that broadcast tells passersby there's a network there. It also gives out the name, which makes it easier to connect to.

Turning off SSID broadcasting can go a long way toward keeping casual users from seeing your network. Doing that, by itself, won't necessarily solve the problem. Even if you stop broadcasting your network's name, people might still be able to connect to your network if you use its default name. Manufacturers generally ship their wireless routers with the same generic SSID; for example, Linksys routers typically have the SSID "Linksys" by default. So, even if you stop broadcasting your SSID, intruders can easily guess your router's name and log on.

So you should first change your SSID's name, and then hide it. That way, passersby won't see it, and they won't be able to guess it, either. How you do this varies from manufacturer to manufacturer, and even from model to model from the same manufacturer. But for many models of Linksys routers, here's what to do.

Log into the setup screen by opening your browser and going to 192.168.1.1, then logging in. (You did remember to change the user name and password, didn't you?) Click the Wireless tab and look for the Wireless Network Name (SSID) box. Enter the new name of your network. On the same screen, look for the Wireless SSID Broadcast setting, and choose Disabled. Then, click Save Settings. That's all it takes. Again, if you have another model of router, your steps will be different.

Keep out intruders using MAC address filtering

With MAC address filtering, you can tell your network to only allow specific devices to connect, and ban all others. Every piece of networking hardware has a unique MAC address. So you'll be able to tell your router to allow only specific MAC addresses onto the network, and ban everyone else.

First, find out the MAC address of all of the wireless devices that connect to your network. How you do this varies according to your operating system, so you do it differently for Windows, Mac OS X, iOS, Android, and Windows Phone. There's no room in this blog post to give you the details for each. So head here or go here for solid information about how to find that all out.

Copy down all the MAC addresses of the devices. (They'll look something like this: 00:08:A1:00:9F:32.) Now log into your router and configure MAC address filtering. Again, this varies according to manufacturer and model. But on many Linksys routers, log in, then choose Wireless-->Wireless Mac Filter. On each entry box, type in the MAC address of a device. Click "Permit PCs listed below to access the wireless network." Then click Enabled. Finally click Save Settings.

Note that you you may find that some devices may be kicked off your network after you do this. If so, it means that you've either copied down their MAC addresses incorrectly, or simply forgotten about them. So double-check the MAC addresses of devices that were kicked off. If you have gaming equipment or entertainment devices such as a Sonos sound system, make sure to include their MAC addresses.

Spoof a MAC address to test your security

Want to make sure that your MAC address filtering is working? You can spoof the MAC address of a PC -- change its address to something different. After you've spoofed the address on the PC, try to connect to your network. If you get through, you've done something wrong with your MAC filtering.

To spoor a MAC address, get the free Technitium MAC Address Changer. It's simple and straightforward to use. After you've spoofed it, try connecting to your network.

Keep in mind that a determined hacker who targets your network may be able to get past all this security. But as a general rule, it's not determined hackers you need to worry about, but more casual ones, like Google had been. And this should keep you safe from them.

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies