How to Secure Your Wireless Networks – Part 1: Wi-Fi
Updated: Jul 7, 2019
Here Are Our Ten Basic Tips to Protect your Wi-Fi Network and the Connected Devices.
Wireless networks are ubiquitous these days. We use wireless networks to communicate, listen to music, operate our smart devices, and connect to the Internet. The use of wireless networks is increasing rapidly in an uncontrolled manner. The new Internet of Things (IoT) devices are arriving on the market daily and these devices are Internet-connected. Also, we rely on wireless networks to transmit our sensitive information and to operate and automate our critical systems. Therefore, it is crucial to protect our wireless networks and devices from the bad guys.
So, what exactly is a Wireless network?
A wireless network is a computer network that uses wireless technologies for connecting network devices. Wireless technologies use radio/electromagnetic waves for transmitting and receiving data between network nodes. If used correctly, wireless technologies are secure and convenient. In this blog series, I will discuss the two most popular wireless technologies: Wi-Fi and Bluetooth. I will also explain how to use these two technologies securely at your home and your office.
Wireless Technology #1:- Wi-Fi
Wi-Fi, also known as Wireless Local Area Network (WLAN), is a set of standards/protocols governed by the Institute of Electrical and Electronics Engineers (IEEE 802.11). Wi-Fi allows an easy way to connect a device to a network without the need for a cable. For example, the widely used WLAN specification 802.11n use a radio frequency of 2.4 and/or 5GHz to transmit and receive data. This standard enables wireless access from a distance of up to 250 meters with 650 Mbps data rate. This also means that any intruders can eavesdrop on your Wi-Fi signal up to a range of 250 meters using a suitable radio antenna and receiver. A device called the Router is a key component of your home or office network. This out-of-the-box router configuration is not secure when installed. Therefore, the router must be re-configured to protect your wireless network and the connected devices. Like any other networking technologies out there, Wi-Fi technologies are not foolproof and susceptible to various attacks. These include:
Unauthorized Access – In this attack, the intruder makes unauthorized access to a wireless network and end-user devices remotely.
Sniffing – In this attack, the intruder captures the wireless data packet from a nearby location. This will then allow the attacker to eavesdrop, manipulate, and/or use the data packet to steal personal information.
Spoofing/Rogue Access Points (AP) & Evil Twins – In this practice, the attacker impersonates a wireless device. The attacker creates fake Wireless Access Points (WAP) that look like the legitimate wireless network to gain sensitive information and manipulate user actions.
Denial of Service – The attacker overwhelms the system resources and makes services unavailable for the intended users.
War Driving – In this instance, the attacker physically scans unprotected wireless networks and then exploits them.
War Chalking – In this attack, the attacker pinpoints a physical location to indicate a free, open, and/or insecure wireless network and then publishes it on public places or the Internet.
To protect from the above, the following ten basic steps/configurations are absolutely necessary to secure your Wireless Router and connected devices:
1. Keep your Wireless Router in a Secure Location
All Wireless Routers should be kept in a physically secure place. You must not allow device access to unauthorized personnel or visitors. Please remember, if your wireless devices are not secure then your wireless network is also not secure.
2. Immediately Change the Default Administrator Credentials of Your Router
Update the username and password to access the router web console. If you are not changing the default credentials, then anyone can get into your Wi-fi router and your connected network and devices. Please make sure to use a strong password. Please read my previous blog here articulating how you can Create a Strong Password.
3. Change the Default Name of Your Wireless Network
Update the network name also known as Service Set Identifier (SSID) to something unique. However, don’t use your personal details to name your SSID. Entering personal information will allow targeted attacks to your device. Please read my previous blog explaining how to Protect Your Digital Identity.
4. Disable the Remote Access/Management
If your router is configured to allow connection from an outside network by default, disable it.
5. Use a Strong Encryption Key
Since all data are transferred and received across radio waves, encryption is the best practice for wireless network security. However, make sure you set a strong passphrase (a notably long password) as your encryption key. Please read my previous blog here articulating how you can Create a Strong Password.
6. Use Strong Wireless Encryption
The current best practice for Wireless encryption is using WPA2 (Wi-fi Protected Access v2)technology utilizing the Advanced Encryption Standard (AES). For your home networks, make sure you choose WPA2-PSK (AES)for encryption. For your office/work network, please use WPA2-Enterprise as the security mode. WPA2-Enterprise uses RADIUS authentication for users insted of a preshared key/passphrase.
7. Do Not Use the Legacy Encryption Technologies
Please note, some legacy encryption technologies such as the Wired Equivalent Privacy (WEP) and Wi-fi Protected Access (WPA) encryption technologies are no longer considered secure as they use weak encryption algorithms. So, please do not use them.
8. Keep Your Router Up-To-Date
Please contact your Internet Service Provider (ISP) to get the latest firmware (router software).
9. Enable the Router Firewall
Configure the router firewall accordingly. Close the unused ports. You could always start with a“High” security mode/level and adjust the settings if required.
10. Utilize the Guest Network Option
If you must share your internet connection with your guests/visitors or other less secure IoT (Internet of Things)/smart devices, then utilize the separate Guest Network option.
The above ten basic tips will give you adequate protection for your network. However, in my next blog I will present additional ten tips to secure your device even further. Please stay safe in the Cyberspace everyone!
Aneesh Varghese (Aneesh InfoSec) is the Director & Principal Consultant at InfoSec Consulting Ltd a firm specializing in professional information security (InfoSec) consulting services.