How to Secure Your Wireless Networks – Part 2: Wi-Fi
Updated: Aug 15, 2019
Here Are Our Ten Advanced Tips to Protect your Wi-Fi Network and the Connected Devices.
Wireless networks are ubiquitous these days. We use wireless networks to communicate, listen to music, operate our smart devices, and connect to the Internet. The use of wireless networks is increasing rapidly in an uncontrolled manner. The new Internet of Things (IoT) devices are arriving on the market daily, and these devices are Internet-connected. Also, we rely on wireless networks to transmit our sensitive information and to operate and automate our critical systems. Therefore, it is crucial to protect our wireless networks and devices from the bad guys.
Like any other networking technologies out there, Wi-Fi technologies are not foolproof and susceptible to various attacks. These include:
Unauthorized Access – In this attack, the intruder makes unauthorized access to a wireless network and end-user devices remotely.
Sniffing – In this attack, the intruder captures the wireless data packet from a nearby location. This will then allow the attacker to eavesdrop, manipulate, and/or use the data packet to steal personal information.
Spoofing/Rogue Access Points (AP) & Evil Twins – In this practice, the attacker impersonates a wireless device. The attacker creates fake Wireless Access Points (WAP) that look like the legitimate wireless network to gain sensitive information and manipulate user actions.
Denial of Service – The attacker overwhelms the system resources and makes services unavailable for the intended users.
War Driving – In this instance, the attacker physically scans unprotected wireless networks and then exploits them.
War Chalking – In this attack, the attacker pinpoints a physical location to indicate a free, open, and/or insecure wireless network and then publishes it on public places or the Internet.
Please read my previous blog (Part #1) advising the ten absolutely necessary basic steps/configurations to secure your wireless router and network.
In this blog I am giving you ten additional advanced tips to secure your wireless device and network even further:
1. Turn-off the Legacy 2.4GHZ Band
If your Router comes with dual bands (e.g., 2.4 GHz and 5GHz), if possible, turn off the 2.4GHz band. I am assuming that you don’t have any legacy devices, which requires 2.4GHz to connect.
2. Reduce the Wi-Fi Range/Distance
If all your devices are nearby and do not need a strong wireless signal, then you can reduce the transmission power. Doing so will minimize intruder access. The popular home routers can transmit the signal up to 250 meters.
3. Hide Your Network Name
Disable the SSID (Service Set Identifiers) broadcasting to hide your network name. Once it is hidden, you have to manually configure your devices to connect to your private/hidden network. However please remember, hiding your network alone will not protect your network from other wireless attacks mentioned above.
4. Disable the WPS (Wi-Fi Protected Setup)
The Wi-Fi Protected Setup (WPS) feature allows one to add new devices to an existing network without entering the long passphrases. However, the current WPS flaw/defect allows a remote attacker to recover the WPS pin in a few hours with a brute-force attack.
5. Configure MAC (Media Access Control) Filtering
Use the Media Access Control (MAC) Filtering feature and limit access to the network to only the allowed devices.
6. Consider Using a VPN
If you must use a shared open Wi-fi, then use a Virtual Private Network (VPN) connection to tunnel all your network communication. However, please make sure you are using a trusted VPN provider.
7. Use a Better/Secure DNS Servers
Use a better, secure, unfiltered DNS server such as the Google Public DNS.
8. Consider Turning-off Unwanted Tools and Services
Turn off tools/protocols such as ICMP (Internet Control Message Protocol)/Ping, SAMBA, and FTP.
9. Frequently Monitor for Rogue Access Points (AP) & Evil Twins
If you notice the presence of rogue Access Points (AP), immediately report it to the authority/the security team and shutdown them quickly.
10. Security Awareness
Educate your family and team members and advise them to use these technologies safely and diligently. Please share my previous blog article explaining “How to Protect Your Digital Identity: The Basics” with your family and friends.
Please stay safe in the Cyberspace everyone!
Aneesh Varghese is the Director & Principal Consultant at InfoSec Consulting a firm specializing in professional information security (InfoSec) consulting services.