Hello, I have been scourging the internet looking for an answer but sadly I am not able to find one so I suppose I will ask my question here. Is there a way to boot a device off my WiFi from my computer or the app without having access to the device?
Yes, most routers have a function called Access Control. You need admin access to your router (or gateway) and the settings are normally under Security. Netgear devices it's Advanced/Security/Access Control. From there you can allow or block specific devices. Some manufacturers call this MAC address filtering. Please post the make/model of your gateway or router if you need more help.
You could also just change the Wifi password, that way no one who doesn't have the new password can access your wifi - it is probably easier than figuring out the MAC address of the one you want to kick off.
I was confused about the wording (boot) because I initially thought Michael wanted to remotely reboot a device. Yes?
No? The above mentioned are good security practices but I don't know why a "scourge" wouldn't find an answer.
MAC Address Filtering only allows the specific address of a Network Interface Card (wireless) to access your network. The specific address is called Media Access Control...or MAC address. Each card has a permanently burnt-in address so it will never change, for example, 01-23-45-67-89-ab. Every network device has one and you can research its MAC address through its user interface. You should research and note every MAC address on your network and allow it on your router. Of course, that's after you've enabled MAC Address Filtering on your router. Your router will then block all other requests from different MAC addresses.
Yes, change the Network Key for your network. Not the administrative password yet...but the key for your wireless devices to encrypt and decrypt your wireless data.
Change the administrative password on your router. Never use the default and now change it because an unauthorized user may have broke it.
Change the name of your network. The name of your network is called Network Name or SSID. Change it to something that doesn't identify YOU, such as Michael's Network, 5 Hill Street, My Dog Rusty, etc.
You could also opt to not advertise your network. That would be an option within your router settings. For example, when you're connecting a new device and browse all available wireless networks, you can see all the routers in your area advertising their Network Name. If you don't advertise, you're forcing a hacker to guess the specific name of your network. However, there are tools that can detect your network anyway, but it's still an added step to access your network.
Limit the number of devices on your network at any one time. For example, if you only have 4 devices (wireless laptop, SmartTV, computer tablet, Roku), then configure your router to only issue 4 IP addresses at any one time. Again, just another step against hacks.
The only truly effective way to prevent other people from accessing your Wifi is to change the wifi pre-shared key (password/passphrase)
IF your attacker is sophisticated (and/or has access to certain software), the following methods of security are bypassed as described:
SSID (Wifi Name) can be figured out if a sophisticated attacker knows the Wireless MAC address of your device.
Not broadcasting the SSID doesn't prevent the signal from being there, it just makes it slightly more difficult to connect.
Filtering by MAC address can be spoofed by some wireless devices masking their MAC id and using one of the ones they detect connecting to your network.
Limiting the DHCP IP address pool can be bypassed by just assigning your own device a static IP
Bruce, I'm not sure of the point of your post. Everything you say is true but it doesn't answer Michael's original question. All he wanted to know is how to boot (as in "give it the boot") and keep a device off his network.
grymwulf, changing the WiFi key (password) will work but then you must reconnect every other device on your network with the new key. Depending on how many devices you have, that may be a big task, bigger than looking thru a list of connected devices and disabling the one in question.
Is any security measure 100 percent effective? No. But if you use all security measures available, you're implementing a "layered security" model. Yes, an attacker could eventually bypass each layer one-by-one, but most would just move onto a weaker network.
However, if an attacker is specifically targeting YOUR network, such as a neighbor, they could run brute-force software on your key. It would take a while...especially WPA...but you're neighbors. Will you be moving soon?
You don't need to be sophisticated because even an unsophisticated attacker can still get lucky. All you can do is make it more difficult with added steps.
How to "boot...and keep a device off his network" was my point. If an unauthorized device is on his network, you not only need to deny it...but figure how it got access. Is he to just block it?
Is that your practice...block every unknown MAC address connected to your network?
If you know how to find the MAC addresses of the devices you want to allow access, most MAC filters can switch over to whitelist operation - that way you enter only the MAC address of the devices you want to allow access.
Here's an article on how to find MAC addresses of PCs: http://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer
Android: https://help.utk.edu/kb/index2.php?func=show&e=1947
iPhone/iPad: http://optimum.custhelp.com/app/answers/detail/a_id/2459/~/finding-the-mac-address-on-an-ipad,-iphone-or-ipod-touch
Those would be good references for Allen.
