It’s important for all businesses and individuals to make sure their wireless network is secure. Luckily, there are many resources available to help you do this.
Your technology support team at Integris has put the following eleven tips to secure your Wi-Fi network:
1. Create a strong password.
Hackers can access everything, even WPA2 (Wi-Fi Protected Access 2) if you’re not using a secure and strong password. Sophos has created a video to show how simple it is to crack a password: WPA Encryption Can Be Cracked – YouTube. They’ve also created a guide to help you create easy-to-remember yet hard-to-crack passwords: IT Security Training Tools – Password quick tips | Sophos. A strong password will prevent criminals from learning your password and observing what you’re doing online. Cybercriminals will often use Cloud Services to crack passwords, so when you’re using a short password that seems secure, it still may not be safe.
2. Use strong encryption.
It’s a good idea to enable Wi-Fi protected access (WPA); but WPA2 would be ideal because it offers even stronger data protection and network access control. This will give your Wi-Fi with stronger encryption to secure all your communications. Hackers can easily crack WEP (Wired Equivalent Privacy), which is not as secure as once believed and doesn’t offer end-to-end security.
3. Change your networks name.
In actuality, the network SSID (Service Set Identifier) such as the term “Home,” is part of the security for encrypted networks; so when you use a default name, it makes it much simpler for hackers to guess your password. Using a unique network name that doesn’t give away too much information will help because this way, attackers won’t be tempted to choose you as a target.
4. Remember to consider your authentication strategy.
Those who use WPA2-PSK (Phase Shift Keying) are sharing the same password with employees, family and friends. This could lead to accidentally or unintentionally sharing the password with others, which means any of them can view your network traffic. Employees who leave your company will typically retain a network’s key, which allows them to use the network or decrypt your traffic. Larger companies should consider using RADIUS (Remote Authentication Dial-In User) or a certificate-based authentication mechanism so each user will obtain their own managed credentials. This will help to make sure users cannot share the key to your network.
5. Manage all the network names you’ve previously used.
Typically, computer devices will remember the names of networks you have connected to by default. For example, I’m sure you’ve noticed that after using a hotel’s Wi-Fi, your computer device probably remembered the name and searched for that network in the future when you’re traveling. This means that the wireless scanning tools often used by attackers can identify your device and see that it has connected to a network with that name; which may not seem like an important issue, but often wireless network names give away clues about what business you work for, Websites you’ve visited, and in extreme cases your address (networks have been found to be named after street addresses). If you notice a profile you’ve used in the past gives away sensitive information, be sure to remove that profile.
6. Consider ‘SSID Hiding’ very carefully.
The feature ‘SSID Hiding’ is made to hide your network name from any lists that people in surrounding areas can see on their devices; which means that the user has to physically configure the network name and password. SSID is a useful feature because it hides your network, which reduces the temptation for attackers to hack into it. However, it will only take a few seconds for an attacker with basic hacking knowledge to reveal your network’s name, which makes this unreliable unless you’ve combined it with a good password and strong encryption.
7. Be weary of device authorization lists.
MAC address filtering was made to prevent devices from using your network if they aren’t on a preauthorized list of hardware devices, and it’s often assumed to be a strong defense. However, attackers can forge MAC (Media Across Control) very simply. Manually authorizing these addresses can also be an administrative burden for your organization, so it’s a good idea to follow the rule of “defense-in-depth.” Instead of using MAC address filtering, it’s highly recommended that you focus your efforts on strong encryption and passwords. Also, if you change the SSID, it will make it much harder for an attacker to crack into your network because they’ll have to re-compute against your SSID name.
8. Practice defense-in-depth.
Network security is only one small part of having a good security strategy. The right security practices can help secure your network, even if your wireless network becomes compromised. Start by following best practices for endpoint protection, Web security and patching. This will reduce the odds of your data being stolen by a hacker.
9. Manage all wireless access points.
Always ensure your wireless access points use accurate security configurations (especially in your branch offices). A lot of businesses ensure they’ve got secure wireless in their headquarters, but have weaker access-point configuration in their branch offices; this undermines all their security efforts. Remote logging and policy management should be a priority to ensure security is dependable throughout your company.
10. Protect yourself on open networks.
Hotels and restaurants often provide open hotspots, but connecting to them demands you take additional steps to ensure hackers won’t see your traffic. To encrypt all your traffic over their wireless network, use a strong VPN (Virtual Private Network) and check to make sure hotspots are legitimate before you provide any login information or credit card details; cybercriminals often create fake hotspots.
11. Restrict traffic and manage your visitors.
If it’s necessary for your business to provide guest access to your network, you should consider creating a separate network for them that includes restrictions on what they’re able to access. An easy way to do this would be a hotspot registration portal, along with wireless solutions that enable you to provide guests access to the Internet while ensuring they can’t to access corporate data.
Do you have questions about your technology security? Contact your team of Technology Support professionals at Integris today.