A wireless network will always be inherently less secure than a wired network. Nevertheless, it is possible to strengthen the security of your WiFi network to a great extent by applying the tips in this article.
There are numerous prominent myths about securing a wireless network.
I will first refute four familiar myths that persist today, and then elaborate on several security measures that are effective.
The Four Myths
1. Hiding the WiFi network name, also known as not broadcasting the SSID
Hiding the SSID rests on the notion that if your wireless network’s name is hidden, you are safe and do not have to worry about possible intruders. In reality, hiding the SSID is extremely dangerous.
It is impossible to stop the SSID from being broadcast altogether. There are at least four ways in which the router still reveals a hidden SSID to everyone.
With popular network scanners such as Kismet, it takes mere seconds before a malicious actor can intercept a hidden SSID.
Among the numerous data packets the router sends out, it will inevitably still send the SSID unencrypted. Hence, the SSID is exposed to whoever is present in your neighborhood, even when you have made the effort to “hide” your SSID in the configuration of your router.
Hiding the SSID is extremely detrimental to the security of your WiFi network.
Perhaps the greatest risk in hiding the SSID lies in something else. If you have turned off the broadcasting of the SSID in the router, you create an additional problem: the connected computers have to reveal their locations continuously. Thus, they will spread the SSID wherever they travel. Your computers will literally be shouting out: “Is there a WiFi network around called ABC?” We don’t want this to happen because it makes your laptops vulnerable to an attacker. The malicious actor is able to set up an access point with the SSID of your wireless network. This is dangerous because your laptop will connect to it automatically without seeking permission or verification. The malicious actor is thereby able to monitor all of your network traffic and could even access the hard drive of your laptop.
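The probe requests described above carry the network name in clear text, which is what lets you audit which names your own devices announce. The following is an added example, not part of the original article: it builds and parses constructed 802.11 probe request frames (bare frames, without radiotap header or checksum); the MAC address and helper names are hypothetical.

```python
import struct

def build_probe_request(client_mac: bytes, ssid: bytes) -> bytes:
    """Build a minimal 802.11 probe request (constructed test data)."""
    broadcast = b"\xff" * 6
    # Fields: frame control (management, subtype 4), duration, receiver,
    # transmitter (the probing client), wildcard BSSID, sequence control.
    header = struct.pack("<HH6s6s6sH", 0x0040, 0, broadcast, client_mac, broadcast, 0)
    return header + bytes([0, len(ssid)]) + ssid  # element ID 0 carries the SSID

def probed_ssid(frame: bytes):
    """Return (client_mac, ssid) for a probe request, or None for anything else."""
    if len(frame) < 24:
        return None
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if (frame_control >> 2) & 0x3 != 0 or (frame_control >> 4) & 0xF != 4:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])
    pos = 24  # tagged elements start right after the 24-byte header
    while pos + 2 <= len(frame):
        element_id, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None  # truncated element, ignore the frame
        if element_id == 0:
            return mac, body.decode("utf-8", errors="replace")
        pos += 2 + length
    return None

def leaked_ssids(frames):
    """Map each client MAC to the network names it asked for by name."""
    leaks = {}
    for frame in frames:
        hit = probed_ssid(frame)
        if hit and hit[1]:  # an empty SSID is a wildcard probe and names nothing
            leaks.setdefault(hit[0], set()).add(hit[1])
    return leaks

# Constructed sample: a laptop probing for the hidden network "ABC" from the
# text, the same laptop sending a wildcard probe, and a non-probe frame.
LAPTOP = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_probe_request(LAPTOP, b"ABC"),
    build_probe_request(LAPTOP, b""),
    b"\x80\x00" + b"\x00" * 22 + b"\x00\x03ABC",  # beacon (subtype 8), skipped
]
```

Calling leaked_ssids(SAMPLE_FRAMES) reports only the directed probe: a device configured for a hidden network names that network wherever it goes, while a wildcard probe names nothing.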
2. Disabling DHCP
DHCP automates the assignment of IP addresses. Nothing good can be achieved by disabling it. A malicious actor can see the IP arrangement of the targeted network with minimal effort and allocate himself a valid IP address.
3. Making use of a MAC address filter
Using a MAC address filter is pointless since the intruder can simply observe the MAC addresses that are granted access to the router. The intruder can then spoof his own MAC address and gain access effortlessly.
4. Relying exclusively on WPA2-PSK encryption
Unfortunately, WPA2 encryption can be cracked. When we think of WiFi, we drift into the assumption that an attacker merely has to guess a password and then try to log into the wireless network with it. Thus, we think that they can’t guess the password many times per second. This does not hold true. When a laptop connects to a WPA-encrypted WiFi network, a four-way handshake takes place. A malicious actor is able to use a tool like airodump to observe the traffic being conveyed over the air and so capture the four-way handshake. The attacker then possesses the raw data needed to carry out an offline attack: he can guess possible passwords and test them against the four-way handshake data until he discovers one that matches.
Tips on securing your WiFi network
You will need to alter particular settings in the configuration of your router. You can access your router’s configuration by entering a certain local IP address (typically 192.168.1.1) in your web browser.
1. Broadcast the SSID
The network name (SSID) should never be hidden; it should always be broadcast.
2. Enable the built-in firewall
Most modern routers have a built-in firewall that you can turn on in the configuration settings.
3. Choose WPA2 over WPA if you can
The ideal signal encryption is WPA2 Personal. If your router or your wireless card does not support this, then choose WPA Personal. If your router does not offer WPA, then you must immediately buy a new one. Do not delay, as not having at least WPA Personal will expose you to significant and imminent security danger.
4. Choose AES only
AES is the most secure form of WPA encryption. Therefore, you must set it to “AES only.” Do not select the less secure TKIP. Also, don’t make the mistake of choosing “TKIP + AES” since that would mean that the encryption would be backward compatible with TKIP.
5. Change the administrator password on the router’s configuration screen
Change the administrator password of your router’s configuration. If you leave the default in place, a malicious actor can guess it from a list of default passwords.
6. Change the default network name (SSID)
If you change the default network name of your router to one of your own, you will not run the risk of other people being able to figure out the brand of the router.
7. Disable Universal Plug and Play (UPnP)
It is recommended that you disable Universal Plug and Play (UPnP) since it can expose your router to attacks.
8. Construct your own WiFi passphrase
Get rid of the WPA passphrase that your router’s manufacturer has likely installed on it. It is best to choose a passphrase that is long and relatively complex. You should choose at least 10 characters. A passphrase of 20 characters will obviously take much longer to crack than one of 10.
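Why length matters against the offline attack described under myth 4, and why 20 characters beat 10, can be put in numbers. The following is an added example, not part of the original article: it derives the WPA2-PSK master key the standard way (PBKDF2-HMAC-SHA1, salted with the SSID, 4096 rounds) and estimates how long an exhaustive search would take. The network name, passphrases and the guess rate of one million per second are assumptions chosen for illustration.

```python
import hashlib
import time

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key as WPA2-PSK does:
    PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA2 passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measured_rate(samples: int = 20) -> float:
    """Derivations per second on this machine, single-threaded.
    Dedicated hardware is far faster, so treat this as a floor."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"constructed-{i:04d}", "ExampleNet")  # constructed inputs
    return samples / (time.perf_counter() - start)

def years_to_exhaust(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Years needed to try every passphrase of this length and alphabet size."""
    seconds = alphabet ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def compare_lengths(alphabet: int, guesses_per_second: float, lengths=(10, 20)):
    """Exhaustive-search time in years for each passphrase length."""
    return {n: years_to_exhaust(n, alphabet, guesses_per_second) for n in lengths}

ASSUMED_RATE = 1_000_000  # guesses per second; an assumption, not a measurement

if __name__ == "__main__":
    print(f"this machine: about {measured_rate():.0f} derivations per second")
    for n, years in compare_lengths(26, ASSUMED_RATE).items():
        print(f"{n} lowercase letters: {years:.3g} years at the assumed rate")
```

These figures apply only to randomly chosen passphrases; a passphrase built from dictionary words or a manufacturer default pattern falls far sooner than its length suggests.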
9. Change your WiFi password occasionally
As mentioned earlier, WPA2-PSK encryption can be cracked too. Therefore, you should consider changing the password at least every six months or perhaps once a year. This could help you if you think a malicious actor is attempting to crack your passphrase.
10. Alter the router’s configuration settings only when connected with a network cable
It is best to alter the router’s configuration settings only through an ethernet cable. A wireless connection will always bring more risks, and we shouldn’t take these unnecessary risks. Some routers even allow you to block access to the router’s configuration from WiFi connections and permit it only through wired connections. Of course, not every router grants you the option of doing this. However, if your router permits you to do so, implement this restriction.
11. Update the router’s firmware
Make sure to check the website of your router’s manufacturer to see if there is a newer firmware update available. Firmware updates typically enhance security and stability through patching potential issues and bugs.
12. Be vigilant when using unprotected networks that belong to others
Be very careful when you are using unprotected and shared wireless networks that belong to others. These include airports and hotels. Anyone who is within range of the unprotected wireless network is capable of tracking all of your wireless traffic and openly attacking your laptop. Always use https when visiting sites and send only encrypted information. Keep your operating system updated, and use a software firewall. Also, make sure to check whether the site you are visiting has a valid SSL certificate.
13. Deactivate Wi-Fi Protected Setup (WPS) in the router
Many contemporary routers include the Wi-Fi Protected Setup (WPS) feature. This feature is typically enabled by default. Its purpose is to make things easier for those with only bare knowledge of wireless security by letting them connect devices wirelessly without having to type in long passwords. WPS constitutes a huge security risk. A malicious actor can retrieve the WPS PIN code in less than an hour, which immediately reveals the WPA-PSK/WPA2-PSK pre-shared key of the WiFi network. If you already have WPS enabled on your router, then disable it immediately and change the WPA-PSK/WPA2-PSK passphrase right away.
I have illustrated how four popular myths circulating in our society today do not hold true. We have come to the realization that no wireless network, or even a wired network, is entirely safe from potential attackers. Nevertheless, the tips discussed in this article serve to minimize the possible dangers and risks inherent in wireless networks. By adhering to these tips, we are clearly heading down the right path: strengthening our wireless network’s security. But most importantly, we have now learned that vigilance is the key to guarding both wired and wireless networks from the evils deeply embedded within our modern world.