WiFi Repeater Security Tips
Normally I talk about different types of repeaters and getting them setup properly. But the issue with keeping your wireless network safe is even more important when you’re using a WiFi repeater so I’ve put together a quick and easy guide on keeping your network safe. We touched briefly on this with the main wireless repeater setup guide but we might have to dive a little deeper into the tech side of things this time.
It is important to remember that most of the better repeaters will handle this as much as possible for you. They’ll use the latest security and either use your existing password or generate a decent one for the new network. If in doubt check out our easy setup extender which keeps everything from the setup to the security quick and easy.
We tend to take a light approach to the tech side of things and generally the latest security features are set by default on most of the better devices. But given the recent outbreak of IOT exploits (things like smart TVs were being used to attack websites) and an exploit being discovered with the BT repeaters it is a good idea to go through and make sure you are doing everything you can. Wireless security does have several shortfalls at the moment but that is no reason to be lazy when it comes to your network safety.
I’m going to keep it easy to follow but we’re going to have to use more ‘tech talk’ than I normally would use. This is important stuff though guys and while it might be boring it only takes a few minutes work to secure your network so bear with me here.
Why Protect Your Network
The problem with a wireless network is you won’t see your neighbour run a cable through your window and plug it into your router but he might well be leaching your internet if you haven’t secured it properly. This is more than the equivalent of borrowing some milk because it actually has some real problems.
First of all they can increase your bill by going over your bandwidth limits. While doing this they’re also slowing your own connection (which you’re paying for) and if they happen to be doing anything illegal on the line you might well be on the hook for it. Your name is on the bill after all.
And this is just if they’re using your internet. While on the network they have fast wireless access to your devices while they’re connected and the more computer savvy but morally destitute might go after your personal files and details.
So in short “common sense” is a reason to protect your network. For the same reason you wouldn’t let a stranger go through your mail and your wallet without you seeing him you want to know who and what is on your network.
Why a WiFi Repeater Changes Things
Wireless network security is important for everyone but with a WiFi repeater it becomes even more important. First of all because your network has a bigger range it exposes it to more potential people who might try to get in.
Secondly it creates a second ‘point of entry’. Your router could be locked up properly but if your repeater is repeating an open connection then your network is still sitting open. There was a time not long ago where I hooked up an old wireless repeater to my protected network and for some reason it defaulted to creating an open network.
So even though I’d done everything to protect my network the repeater would let anyone in and since it was connected to my router it meant they had a way in.
Bad Advice and Keeping Updated
There’s a lot (and I mean a lot) of very bad advice out there on wireless security. And I mean some just awful advice. So be careful what you read online and keep in mind that things change frequently.
You might well go insane trying to keep on top of everything these days. Some people are paid to do so. Luckily you don’t need to take it that far but just keep your eye out from time to time for updates. Your router will most likely patch itself (they tend to do this at 2AM when they hope you’re asleep) and some repeaters will do this as well but others will have an option to manually check for an update.
WiFi Repeater Security Advice
Keep in mind that these settings need to be done both on your repeater and the router. This is going to make your setup generally a little more complicated but it should only take you a few minutes and it is worth doing.
The firmware for a router or repeater is like the operating system for your computer. This is the software installed on the device which tells it how to work. As security concerns arise these need to be updated. Firmware updates can improve functionality but can also remove existing security risks so it is important to keep them updated.
Some routers will automatically update (usually kicking you offline randomly in the process) others will need you to do them manually. Repeaters don’t automatically update (at least none that I’ve seen) but the update process is easy.
You might find an update button when looking at the settings for your router or repeater which might automatically look for an update. The manual should give you an update location otherwise and if it doesn’t you can Google the name. For example for the Netgear universal WiFi range extender WN3000RP firmware update I would search for something like: ‘Netgear WN3000RP range extender’ then ‘downloads’ or ‘firmware’.
It should be downloaded from a reputable source (such as the vendor website) and will come as an executable which will install while your computer is plugged into the router or repeater. You should update when you first get your device and also every so often.
One of the most common (and most effective) methods of wireless network security is using encryption. Have you ever wondered why some networks have passwords and others do not? Encryption.
Using even the most basic encryption on your network will keep out your average computer user. Short from trying to guess your password (which we’re going to look at next) they’re not going to get in. So you should *always* use encryption on your network.
But some of the older (and to an extent even the newer) encryption methods can be easily broken so you want to avoid encryption like WEP and WPA and instead you should be using WPA2-PSK. Now I won’t get into the tech side of things too much here but technically even WPA2-PSK can be broken. We still suggest using it because even though it is potentially insecure it is still the most secure option. The best advice is to choose a decent password (as long as possible – four random words is a good way to go) and change it once in a while.
If possible you should also disable WPS on both your router and repeater as that can pose a security problem in some situations. You’ll find the option for this (and setting the encryption etc… on the router and repeater setup).
Remember that you need to do this with both your router and WiFi repeater and when you change your router details the repeater will need setup again because it won’t be able to connect with the original details. You can have the repeater using a different password on the repeated network but you do need to give it the password for the router to allow it to repeat the signal.
Default Passwords and Proper Passwords
Change your passwords and change them properly. You should not be using a default password for your encryption or for your setup login (just in case someone does get in the network). So change them from whatever they came as default and do this on both the router and the range extender.
These are not passwords you will use frequently so write them down somewhere and don’t use all the same passwords. If your password is easy to guess people will guess it. If your password is simple software will crack it.
Some people will tell you that a mix of random letters, numbers and punctuation is safest. Others will tell you four randomly mixed words. I say go for a mix of the two.
Weak password examples: Alice, @lice, alicealice, alice123
Strong password examples: fisHm0nkEy$ma11to3, r3Dp1r6atey3!!0wC4rd.
Change your passwords once a month or so and check in on your router logs to see if there is anyone connecting who shouldn’t be. You will find the log options somewhere inside the router setup (usually a website like 192.168.0.1) look in your manual for your specific routers details.
A MAC is a unique identifier to a network interface. Think of it like a unique phone number. Your router, repeater and wireless devices all have one. Mac filtering prevents anyone but predefined MAC addresses from connecting. So you can configure your router to allow your devices (and the repeaters MAC or the repeater will not work) and the repeater to allow your devices MAC.
Truth be told this is actually pretty ineffective. Anyone who knows how to attack your network in the first place will have software which can disguise or ‘spoof’ their MAC to make it look like yours. But if someone is going to try and attack my network I’m going to make them work for it.
Your SSID is your network name. For example ‘AliceNet’. Both your router and your wireless range extender will have one. Personally I use a different SSID for each to make it easier to track which I’m connected to but in either case you’ll find a setting to ‘hide SSID’.
This if you click ‘show wireless networks’ in your area you won’t see your network show up. To connect a device you need to tell it the SSID specifically. Much like the MAC filtering this doesn’t really stop anyone because the same tools they’d use to break in will show a hidden SSID network. But again, why make it easier for them.
Remember to hide the SSID on both your router and repeater and ideally use a different name for each (don’t use a similar name).
If you don’t want to hide the SSID you can at least consider the naming convention. If your original network name is “SKY14664” for example. By default your repeater might want to call the new SSID “SKY14664 REPEATED”. To an attacker they can easily connect both devices as being on the same network. You could name it something entirely unrelated like “Free WiFI” or even go in the opposite direction and call it “AT&T Router”.
I wouldn’t worry too much about the SSID. An attacker who knows what they’re doing will be able to see the connection between the repeater and the router anyway. But anything you can do to make it harder for them is a good start.
Most networks use DHCP dynamic IP addresses. This means your router and repeater assign an internal IP to your device when you connect to it. So anyone who connects gets an IP from the router or repeater.
If you disable DHCP and set static IPs to your devices MAC addresses and disable anything else you add an extra layer of protection. The observant among you will notice that if they fake their MAC address for MAC filtering this won’t matter but again – every little helps.
If you do this remember that everyone connected through the repeater will be treated as one person to the router. It will just see the repeater connect so set its MAC to a specific IP and add your MACs to the repeater.
Some routers and repeaters will allow you to set an access schedule. This means it only allows internet connections at certain times and can be set for everyone or specific MAC addresses.
You can always change this as needed by logging into your router and/or repeater but to really lock things down you can set it to disable the internet while you’re not using it. By default my network is only up while I’m in the house so even IF someone gets in it only works when I’m there to notice something going on.
Only So Safe
Keeping a network safe is a never ending arms race. As things get more secure the exploits get more sophisticated so even if you do everything in this guide you’re only so safe. Try to keep up to date on the latest changes and I’ll try to keep this guide updated so bookmark us and keep checking back once in a while to see if there’s anything new.
Secure WiFi Repeaters
Finally if you haven’t picked a WiFi repeater already then security is something you should take into account. Some of the lower standard devices don’t have the same security features your router does which leaves an easier entry into your network. Security is something I consider important and our number one rated best WiFi repeater has some of the best security features on a wireless repeater.