This is part 2 in an ongoing series about Wi-Fi. Click here to read part 1.
Today we are going to talk through the network and physical settings of your home router in order to learn how to get the most out of your Wi-Fi. We are going to take a look at a recent mid-grade consumer ASUS router, the RT-AC56S. By default, most routers are set to a static IP of 192.168.1.1, so to start let’s type that into the browser and enter our login credentials to access the admin section. If you do not know your router’s IP address, you can scan the network with Fing (Android, iOS). If you do not know your login credentials, you can google your router model for the default username and password and/or reset your router to factory defaults.
Some basic settings
This is a fairly typical modern home router admin panel. It nicely maps out our wireless network structure. I have highlighted some interesting information in the image.
In blue we have status information: how many devices are connected to this network, and our Internet IP. It is a good idea to check what kinds of devices are connected or connecting to the network. If you are an iOS-only home or office, keep an eye out for something suspicious, like an Android device or Windows machine on the network.
In green there are some basic security configuration settings.
Lastly, in red we have our two networks operating on the two radio frequencies, 2.4Ghz and 5.8Ghz, that we briefly talked about in part 1. So what’s the difference?
2.4Ghz vs 5Ghz
A basic breakdown of the pros and cons is provided in a table below, but for most users it comes down to two factors: speed and signal availability. Unfortunately, the answer is different for each. For high speeds 5.8Ghz is the champion, but 2.4Ghz provides a better signal in the farther parts of the home or office. Fortunately, most modern routers have two radios that can operate one or more Wi-Fi networks across the two radio frequencies. If we enter the same configuration information for both the 2.4Ghz and 5.8Ghz radios, client devices will automatically choose which band to connect to. Alternatively, we could give the two bands similar names, such as Network2 and Network5. By doing so I can manually switch between a high-speed, low-interference 5Ghz network in my primary area and a slower 2Ghz network available further away.
Basic network setup
Let’s go through a basic network setup for a 5Ghz network. First we will set the SSID, or network name. This option is not too important, but I would recommend not divulging personal information, as in “Marigold Family Wifi 39B”. Attackers can use this to link you to other information, such as a physical address. Try to choose something nondescript; I chose “TheJungle”. There is also an option to hide your SSID, but this will only prevent your Wi-Fi from appearing in the list of browsable Wi-Fi networks nearby. Unfortunately it doesn’t make your network safer, only more inconvenient, so I recommend keeping this off. Users can still join a network with a hidden SSID by manually typing in the network name instead of selecting it from a list.
Choosing the networking standards is really up to the user. Selecting Auto will provide all possible options, enabling the highest amount of device support. For many users this will be unnecessary as they do not need to support legacy devices. Select the newer N/AC to deliver high speeds and support most devices. For a review of these settings see post 1.
Before choosing a channel, it’s important to see what networks are around us and what channels they are on. I am using Wifi Explorer for Mac but any Wifi scanner/analyzer will provide this information. Wifi Analyzer (Android) is another excellent choice.
Check out the screenshot from Wifi Explorer above. I have highlighted the 2.4Ghz and 5.8Ghz networks. Do you notice anything? As we discussed earlier, 2.4Ghz networks reach much further and are better at penetrating walls, so we can see many more networks there than in the 5Ghz band, where we have no other networks. You should see a few 5Ghz networks nearby from your closest neighbors, but since my neighbors don’t have any competing networks I can choose any channel I want in 5Ghz.
Security standards have gone through a few revisions since Wi-Fi’s inception and there are a number of authentication methods available. WEP should never be chosen. It is an old standard and all WEP passwords are easily cracked by a determined attacker. Choose WPA2 Personal and set a good password.
A quick note on passwords
How does a hacker crack your password? Most password attacks work in a similar way: they try a long list of possible passwords, one after the other. This technique is called ‘brute-forcing’. The effectiveness of such an attack comes down to two factors: how comprehensive is the list, and how long does it take to execute? The longer the password list, the more time it will take. The shorter the password list, the less chance of guessing correctly.
Since this attack takes a lot of time, the most commonly used passwords such as 123456, 12345678, password, admin, etc. are tried first. If you use a common password, it doesn’t matter what form of encryption (WEP, WPA or WPA2) you use: your router can be easily broken into by an attacker.
What makes a good password list? The best password list is one that has only one entry, the password itself. The shorter the better, but for brute forcing to work the actual password needs to be in the list. So good, comprehensive lists with lots of possible passwords tend to get big (you can google for wordlists; there are several available for download that are several GB in size).
How big is big? If we wanted to generate a list of every possible Wi-Fi password, how many passwords would be in that list? Let’s look at the formula:
Total password combinations = number of different characters ^ digits in password
A six digit password all numbers(10):
1000000 = 10 ^ 6
A six digit password with numbers(10) and letters(a-z):
2176782336 = 36 ^ 6
A six digit password with numbers(10) and mixed letters(a-z, A-Z):
139314069504 = 72 ^ 6
A six digit password with numbers(10), mixed letters(a-z, A-Z), punctuation and special characters(33):
735091890625 = 95 ^ 6
A 12 digit password with numbers(10), mixed letters(a-z, A-Z), punctuation and special characters(33):
5.40360088e23 = 95 ^ 12
A random password of 8 – 12 digits using numbers, mixed letters, punctuation and special characters is strong enough for most uses. For industrial users the longer the better: a random password of over 32 digits is cumbersome but provides excellent defense against crackers, especially against those who would be competing against the clock trying to attack an event.
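The keyspace arithmetic above, turned into a passphrase check and generator, as an added example that is not part of the original post. The guess rate is an assumed figure for illustration, the 8 to 63 character limit is the WPA2-Personal passphrase length range, and the function names are hypothetical.

```python
import secrets
import string

# Character pools as counted on this page: 10 digits, 26 + 26 letters and
# 33 punctuation/special characters (string.punctuation plus space) = 95.
POOLS = [string.digits, string.ascii_lowercase, string.ascii_uppercase,
         string.punctuation + " "]
ALPHABET = "".join(POOLS)
COMMON = {"123456", "12345678", "password", "admin"}  # named in the article
GUESSES_PER_SECOND = 1_000_000  # assumed attacker rate, illustration only
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(charset_size, length):
    """Total combinations = number of different characters ^ length."""
    return charset_size ** length


def charset_size(passphrase):
    """Combined size of the pools the passphrase draws characters from."""
    return sum(len(p) for p in POOLS if any(c in p for c in passphrase))


def years_to_exhaust(size, length, rate=GUESSES_PER_SECOND):
    """Years to try every candidate at the assumed guess rate."""
    return keyspace(size, length) / rate / SECONDS_PER_YEAR


def review(passphrase):
    """Return a list of problems; an empty list means none were found."""
    problems = []
    if not 8 <= len(passphrase) <= 63:  # WPA2-Personal passphrase length
        problems.append("length outside 8-63")
    if passphrase.lower() in COMMON:
        problems.append("common password")
    elif years_to_exhaust(charset_size(passphrase), len(passphrase)) < 1:
        problems.append("exhaustible in under a year at the assumed rate")
    return problems


def generate_passphrase(length=12):
    """Random passphrase over all 95 characters, drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("12345678", "19840521", generate_passphrase()):
        print(repr(pw), review(pw) or "no problems found")
```

The estimate treats every character as randomly chosen, so it is an upper bound: a passphrase built from words or dates falls to a wordlist long before the full keyspace is tried.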
Firmware updates are important. Any device that runs firmware should always be kept updated, and that’s pretty much anything: Blu-ray players, network-attached storage, Nest thermostats, webcams, and any Internet-of-things device in your home. Firmware updates provide additional functionality and bug / security fixes to these devices. Updating the firmware doesn’t guarantee that the device is secure, but it does help keep you protected, especially from the older attacks. Look for your firmware listing and check for available updates. If possible, set firmware updates to install automatically.
Remember how we talked about 5Ghz not going through walls as well as 2.4Ghz? Well, that means that the placement of a 5Ghz router is one of the most important and often overlooked aspects of setting up a 5Ghz network. Take a look at the image above. We have a router placed in one corner of the house, and while the signal does extend to most parts, it’s easy to see where the signal will be best and worst. Since there is no standard housing layout, there is also no set position for a router. Keep in mind the size and layout of your house while following these two tips.
1. Keep the router elevated and centrally located. Since Wi-Fi is radio it is broadcast more or less evenly in every direction going out from the router. Keeping the router in a central location helps to ensure signal availability is evenly spread throughout a physical space.
2. Since all physical objects are going to interfere with the signal, try to keep the space immediately around the router clear as well. Hiding the router behind a TV, a set of books, or a closet door will negatively impact the signal. The best location is on a wall by itself. The next time you are in a hotel, mall, hospital, or commercial or industrial facility, look around at where they place the access points. They are almost always placed elevated on the wall or ceiling with clear lines of sight.
3. Signal direction and antenna orientation should be varied.
Many access points and USB Wi-Fi devices come with antennae, but how should you orient them? The truth is it depends on the device and how it’s used. Internal desktop Wi-Fi antennae can be horizontally or vertically aligned. If you use one of the myriad USB Wi-Fi devices, the orientation could be at an unusual angle. Laptops generally have horizontal antennae along the bottom of the computer. Phones also vary between manufacturers and models as to whether they have vertical or horizontal antennae.
The best way to orient your antennae is to mix it up. Align one antenna vertically and the other horizontally. If you have additional antennae, try to adjust them to align with how you think you would often use your devices, say, lying down with a phone on a couch or leaning a phone against a cutting board in the kitchen.
That completes part 2 in a multi-part Wi-Fi series for homes and small businesses. For large network events, a more robust setup such as that offered by TAPevents would be needed to guarantee speed and reliability for all users. In my next post, I will explain how you can optimize your network to enable better and more services and advanced techniques to secure and take advantage of your network.