Why is Wi-Fi security so important? Wi-Fi is a point of entry that attackers can use to gain access to your network without ever being physically inside your building. In this post, we’ll be going over a few things you can do to lock down your Wi-Fi for a more secure network. The best part is: All of the tips included in this post are configuration settings and require no additional hardware.
Here are our top 5 things you can do to help you secure your Wi-Fi:
Keep the firmware up to date
Keeping the firmware up to date is key when trying to keep your Wi-Fi network more secure. Router manufacturers release these firmware updates to counter holes they may find in the security or to make a certain feature have more options or perform better. Hackers, or people with malicious intent, use these holes in older firmware to grab a foothold in your network. If you’re running on an older version of the firmware, you may be putting yourself at risk.
Most networking devices enable you to block or allow clients on the network using a feature called MAC address authentication, or MAC filtering. Every device that connects to the internet has a MAC address, also called a physical or hardware address. By enabling MAC filtering you can allow or deny devices based on the MAC addresses supplied to the networking device. When a computer attempts to connect to the network, the networking device authenticates the device’s MAC address and determines if it should be allowed to connect or if the connection is rejected. This is a helpful guide when trying to locate your MAC address – https://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer.
Change the default SSID
Changing the default SSID (or Wi-Fi network name) plays a huge part in keeping your Wi-Fi network more secure. By default, most routers are set up to broadcast their model name as the SSID to make it easier for the initial setup. By leaving the default SSID you will be putting yourself at risk. You can google most router models and find out the default information for these devices. A quick google search will turn up the IP address the router uses by default, the default administrator login information, and any other settings the router uses by default.
Choose the right encryption
Choosing the right encryption is crucial in making your network more secure. There are many types of encryption but best practice is to use WPA2 + AES as it is the most secure. The encryption methods available are WPA2 + AES, WPA + AES, WPA + TKIP, WEP, and open network (no security at all). Using an older encryption, like WEP which was founded in 1999, can leave you open to a multitude of attacks. This is because of the number of free software programs that can easily be found and downloaded from the internet which can brute force or dictionary attack your WEP key with the click of a button. In 2005, the FBI gave a public demonstration where they cracked WEP passwords in only a couple of minutes using free software. The reason for the demonstration was to show the weaknesses that not many people know about and to promote the use of WPA + AES and later WPA2 + AES.
Wi-fi Protected Setup, or WPS, can be a very handy feature if you need to connect quickly or if you have forgotten your router password. WPS can either be a button you press to force a connection between devices or a shortcode found on the router. Though this may be a quicker solution it can also be very dangerous. If someone has malicious intent and does not have access to your network but access to your router or building they may be able to infiltrate your network through WPS. Not all routers have the option to disable WPS but if yours does, our recommendation is to disable it.
If you need any help implementing these tips or if you need any other type of Wi-Fi, networking or security question, feel free to call the networking experts at SandStorm IT at 901-475-0275.