Ten Wi-Fi security tips
Technology brings great benefits for your business, and to you as an everyday user. However, the more a device, a network, or system is used, the more it is prone to computer attacks. Wi-Fi has been one of the most promising technology for the past years, and it continues to connect our lives with information. Knowing that it continuously expands, how secure can it be kept? In this short writing, we will explore few common ways to ensure the security of your Wi-Fi network.
1. Change default passwords: Most wireless routers and access points are pre-configured with default administrator passwords to simplify the initial device setup. These default passwords are easily found online. For example, sites such as cirt.net let you discover the default passwords of a device, often categorized by the brand, and by the model. Changing default passwords makes it difficult for attackers to gain administrator rights of the device. It is a simple form of security that will make access much more difficult, and adding periodical changes of secrets to that will make it even more difficult for attackers to acquire this vital piece of information. When you create a strong password for your wireless network, make sure it contains at least 20 characters, including numbers, letters, and symbols. This will circumvent passwords found in a dictionary, or will make the use of bruteforcing (trying all possibilities) impractical.
2. Restrict access: Only allow authorized users to access your network. For example, you can restrict access to your network by filtering MAC addresses, or by implementing some form of centralized authentication system to keep access under control (such as a AAA server). You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials. With WPA3 Enhanced Open option, you can now enable encryption for the open authentication method.
3: Encrypt the data on your network: Encrypting your wireless data prevents anyone who might be able to access your network from viewing it. Information is sent over the air, and when it is not encrypted, tools can be used to map information, and to recover it from the transmitted packets/frames. There are several encryption protocols available to provide this protection. For example, Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information being transmitted between wireless routers and wireless devices. WPA3 is currently the strongest encryption. WPA and WPA2 are still available; however, it is advisable to use equipment that specifically supports WPA3, as using the other protocols could leave your network open to exploitation.
4. Protect your Service Set Identifier (SSID): To prevent hackers from accessing your network, hide your SSID. When nearby users try to find a Wi-Fi network, their device will show a list of nearby networks from which they can choose. If you disable name broadcasting, though, your network won't show up, keeping your Wi-Fi connection invisible to those who do not know to look for it. It is also important to change your SSID to something unique, something that does not disclose any personal information, thereby throwing hackers off their mission. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities.
5. Use a firewall: Consider installing a firewall either on your wireless devices (a host-based firewall), as well as on your router (if possible, and if provided by the manufacturer of the device). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer.
6. Update your antivirus software: Install antivirus software and keep your virus definitions up to date on your systems. Many antivirus programs also have additional features that detect or protect against spyware and adware. This will prevent attacks to be launched from the potentially tempered devices to the network, as such your Wi-Fi devices will be kept safe.
7. Reduce the strength of your antenna: The antenna is the component that broadcasts your Wi-Fi signal to the nearby location. It is a component that can be discovered often from an outside location, such as a parking lot. By reducing the antenna coverage, you will not make it easy for attackers to discover, and to connect to your networks. The technique they use is called war driving, but the advanced features of your access point often have the possibility to only use a percentage of the broadcast area for the Wi-Fi discovery.
8. Keep your access points software patched: Wireless access point manufacturers will periodically release updates to and patches for a device’s software and firmware. Check regularly for any updates or patches for your device. Unfortunately, updates are not as common on these systems as they would be on a PC, but it is worth checking from time to time. When you update your device, it could also add new features and possibilities, such as WPA3, Ipv6, advanced firewall rules, etc.
9. Connect using a Virtual Private Network (VPN): VPNs allow employees to connect securely to their network when away from the office. VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted. When you log in with your credentials your computer exchanges keys with another server. Once both computers have verified each other as authentic, all your Internet communication is encrypted and hidden from outside prying.
10. Do not rely on a single protection method: In Wi-Fi, as with most of technology, it is always important to consider creating a strong layer of defenses that is comprised of multiple levels of security, that is multiple protection methods. One single countermeasure is often not enough to stop a complex attack to occur. For that reason, it is important to define a strategy that takes advantage of many form of security. Often, it will be based on the capability of the software and the hardware, but will also depend on the internal politics of the organization.
Want to learn more?
Contact us about the possibilities of taking certification courses that address these topics. Or, browse our suggested courses: