Basic Steps to Secure Wi-Fi

  • 152 views
  • 4 minute read
Total
0
Shares
0
0
0
0
0
0
Share
0 people shared the story
0
0
0
0
0
0

Recently I was in a corporate building visiting my client. While waiting in the reception, I flicked my smartphone’s Wi-FI on and was surprised to find a list of unprotected wireless connections which I could connect to without any authentication. The best part was when I was able to get a lease from a DHCP of an internal network’s IP address which actually allowed me to use UNC and access shared folders in the network. WOW – now that’s what I call a potential security breach in that company. Yes, there have been tales floating around of successful “war driving” through corporate buildings and parking lots just to find out open and unsecured Access Points which allows a competitor or a techie hired by a competitor to enter the corporate network.

Essentially, for a wireless network to be practical in enterprise networks, it needs to satisfy several requirements that are best addressed in a wired network.

Security policies differ from companies to companies but there are certain definate core requirements essential to secure wireless networks. The requirements of wired and wireless access have a great deal in common. From a security perspective, the main difference is that a wired network is assumed to be safe from eavesdropping whereas in a wireless network, it is assumed that all bits are open for all to hear. Here are some security items that should form a part of your core wireless security checklist:

  • Authentication and Policy: This helps to keep prying eyes out of your network. The rule is, allow the right people in the network and keep the unauthorised people out. Moreover, once a user is authenticated, items like which network resources need to be protected and to what degree, who should access the resources, etc. should also be identified.
  • Change Default Router Settings: The first thing to do is to login to your router’s administration page and change the password of the administrator account to something more secure. By default this is accessible from http://192.168.1.1 using username as ‘admin’ and password as ‘admin’ or ‘password’. This will prevent others from accessing the router and you can easily maintain the security settings that you want.
  • Hide SSID: Always ensure that the data sent over the wireless network is not being intercepted. A wireless signal serves as an open invitation to those unwelcome individuals who—at a minimum—want a free ride on the Internet, but who could also steal corporate information and damage the organization in other ways. Most Access Points and routers automatically and continiously broadcast the network’s name, or SSID (Service Set IDentifier). This makes your Wireless LAN visible to any wireless systems within range of it. Turning off SSID broadcast for your network makes it invisible to your neighbors and passers-by. Do remember that Wi-Fi scanning tools like inSSIDer (Windows) and Kismet (Mac, Linux), which are available freely on the Internet will still allow anyone to find all the available Wireless Networks in an area even if the routers are not broadcasting their SSID name. But again, every bit of inconvenience for those prying eyes helps.
  • Enable Network Encryption: In order to prevent other computers in the area from connecting to your wireless network, you need to encrypt your wireless signals. There are several encryption methods for wireless settings, including WEP, WPA (WPA-Personal), and WPA2 (Wi-Fi Protected Access version 2). WEP is basic encryption and therefore least secure and can easily be cracked using tools like AirCrack. A better way to protect your WLAN is with WPA (Wi-Fi Protected Access). WPA provides much better protection and is also easier to use, since your password characters aren’t limited to 0-9 and A-F as they are with WEP. Enter a passphrase to access the network; make sure to set this to something that would be difficult for others to guess, and consider using a combination of letters, numbers, and special characters in the passphrase.
  • Use MAC Filters: Whether you have a laptop or a Wi-Fi enabled mobile phone, all your wireless devices have a unique MAC address (nothing to do with Apple Mac). Unlike IP addresses, MAC addresses are unique to specific network adapters, so by turning on MAC filtering you can limit network access to only your systems (or those you know about). In order to use MAC filtering you need to find (and enter into the router or AP) the 12-character MAC address of every system that will connect to the network, so it can be inconvenient to set up, especially if you have a lot of wireless clients or if your clients change a lot. MAC addresses can be “spoofed” by a knowledgable person, so while it’s not a guarantee of security, it does add another hurdle for potential intruders to jump.
  • Disable Remote Administration: Most WLAN routers have the ability to be remotely administered via the Internet. Ideally, you should use this feature only if it lets you define a specific IP address or limited range of addresses that will be able to access the router.
Total
0
Shares
Share 0
Share 0
Tweet 0
Pin it 0
Share 0
Share 0
Related Tags

An expert in technology, a compelling blogger, an engaging speaker, a passionate wildlife photographer, a creative artist, and a road-trips enthusiast - I love to live at the intersection of technology, creativity, and exploration. Such dynamic blend of interests makes me a relentless learner who is always in pursuit of excellence.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like