When you extend your WiFi network, you're also extending your security perimeter. Every additional access point is a potential entry point for unauthorised users if not properly secured. While WiFi extenders inherit many security settings from your router, there are specific steps you should take to ensure your extended network remains protected. This guide covers essential security practices that every Australian home network user should implement.
Understanding WiFi Security Basics
Before diving into specific recommendations, it's helpful to understand how WiFi security works. Your wireless network uses encryption to scramble data transmitted between devices and your router or extender. Without the correct password, this encrypted data is meaningless to anyone who intercepts it. The strength of this protection depends on which encryption standard you use.
Encryption Standards Explained
WEP (Wired Equivalent Privacy): The original WiFi security standard, now completely obsolete. WEP can be cracked in minutes with freely available tools. If your equipment only supports WEP, it's time for an upgrade.
WPA (WiFi Protected Access): An improvement over WEP but still vulnerable to certain attacks. Should be avoided if newer options are available.
WPA2: The standard for most of the past decade, WPA2 provides strong security when combined with a good password. Most current equipment supports WPA2, and it remains acceptable for home use.
WPA3: The newest standard, offering improved protection against password-guessing attacks and better encryption. If your equipment supports WPA3, use it. However, some older devices may not be compatible.
Security Alert
Never use WEP or open (no password) networks. If your router or extender is set to WEP, change it immediately to WPA2 or WPA3. An unsecured network exposes all your internet activity and could make you liable for illegal activity conducted through your connection.
Creating Strong Passwords
Your WiFi password is the primary barrier between your network and unauthorised access. A weak password undermines all other security measures. Unfortunately, many Australians use easily guessable passwords like "password123" or their street address.
Characteristics of Strong WiFi Passwords
A strong WiFi password should be at least 12 characters long, though 16 or more is better. It should include a mix of uppercase and lowercase letters, numbers, and special characters. Avoid dictionary words, personal information (birthdates, names, addresses), and common patterns like "qwerty" or "123456".
Consider using a passphrase approach: combine several random words with numbers and special characters. For example, "Purple7!Kangaroo$Sunset" is both strong and relatively memorable. Alternatively, use a password manager to generate and store a truly random password.
Changing Default Passwords
Both your router and extender have administrative passwords for accessing their settings pages. These are different from your WiFi password. Default admin passwords are publicly known and should always be changed. If someone gains access to your device settings, they can modify security configurations, redirect your traffic, or lock you out entirely.
Password Management Tip
Use different passwords for your WiFi network, router admin panel, and extender admin panel. This way, if one password is compromised, your entire network isn't immediately vulnerable. Consider using a password manager to keep track of these securely.
Keeping Firmware Updated
Firmware updates often include security patches that address newly discovered vulnerabilities. Running outdated firmware is like leaving a known security hole open in your network. Manufacturers regularly discover and fix security issues, but these fixes only protect you if you install them.
How to Update Firmware
Most modern extenders can be updated through their companion smartphone apps, which may even offer automatic update options. For extenders without apps, you'll need to access the web-based configuration page, usually by entering the device's IP address in a web browser. The settings page will typically have a firmware or update section where you can check for and install updates.
Set a calendar reminder to check for updates quarterly if your devices don't update automatically. Before updating, ensure your devices are connected to stable power as interrupting a firmware update can render the device unusable.
Network Segmentation Strategies
Network segmentation involves creating separate networks for different purposes, limiting what an attacker can access if they breach one segment. Many modern routers and some extenders support creating guest networks, which is the simplest form of segmentation.
Guest Network Benefits
A guest network allows visitors to access the internet without accessing your main network where your computers, NAS drives, and smart home devices reside. This isolation protects your devices even if a guest's device is infected with malware. It also allows you to share a simpler password with guests without revealing your main network credentials.
IoT Device Considerations
Smart home devices like cameras, doorbells, and smart speakers are frequent targets for hackers. If your router supports it, consider placing these devices on a separate network from your computers and phones. This way, a compromised smart device can't be used to attack your more sensitive devices.
Essential Security Checklist
- Use WPA2 or WPA3 encryption (never WEP)
- Create strong, unique passwords (12+ characters)
- Change default admin passwords on all devices
- Keep firmware updated on routers and extenders
- Enable guest networks for visitors
- Disable WPS if not actively using it
Disabling Unnecessary Features
WiFi devices often include convenience features that can pose security risks. Evaluating and disabling unnecessary features reduces your attack surface.
WPS (WiFi Protected Setup)
WPS allows devices to connect by pressing a button or entering a PIN, bypassing the need to enter your WiFi password. While convenient, WPS has known security vulnerabilities that allow attackers to brute-force the PIN. Unless you regularly connect new devices using WPS, it's safer to disable this feature and connect devices using your password instead.
Remote Management
Some devices allow you to access their settings from outside your home network. While occasionally useful, this feature provides another potential entry point for attackers. If you don't need remote management, disable it. If you do use it, ensure it's protected by a strong password and consider whether your device supports secure connections (HTTPS) for remote access.
Monitoring Your Network
Regularly reviewing connected devices helps you spot unauthorised access. Most router and extender apps show a list of connected devices. Familiarise yourself with what's normally on your network so you can identify unknown devices.
If you spot an unfamiliar device, don't panic. It could be a guest's phone you forgot about or a new smart device. But if you can't identify it, changing your WiFi password will disconnect all devices, allowing you to reconnect only legitimate ones.
Physical Security Considerations
Don't overlook physical security. If someone can physically access your router or extender, they may be able to reset it to factory defaults and bypass your security settings. Keep network equipment in locations that aren't easily accessible to visitors. If you're using outdoor extenders, ensure they're mounted in locations that can't be easily reached or tampered with.
Securing your extended WiFi network doesn't require technical expertise, just attention to basic security practices. By implementing the measures in this guide, you significantly reduce the risk of unauthorised access and protect your family's digital privacy and security.