A wireless network is a form of communication that allows devices to connect to each other and the Internet without the use of physical wires or cables. A wireless network is typically made up of:
Wireless Router
The heart of a network which can broadcast the wireless signal and manages connections between devices. In some setups, the built-in Wi-Fi is disabled, and a Wireless Access Point (WAP) is used instead.
Wireless Access Point (WAP)
A WAP connects directly to the main router via an ethernet cable and broadcasts a wireless signal to allow wireless devices to connect to the network.
Wireless Devices
Any device that connects to the wireless network; like a laptop or smart tv, using a wireless connection. These devices have wireless network adapters built-in to allow them to connect to wireless networks.
Wireless networks are super convenient, but it can leave you open to attack if you are not careful. Wireless networks are prime attack vectors as they are often configured for convenience as opposed to security and provide easier access into a home Wi-Fi network.
Understanding Wireless Network Security
Wireless networks are a part of our daily lives. They give us easy Internet access and allow us to connect multiple devices without using cables, but it is important to know how to keep these networks safe from cyber-attacks. Here are some things you should understand about Wi-Fi network security:
Encryption
Encryption scrambles the information sent over your wireless network, making it unreadable to anyone who intercepts it without the correct key. There are different encryption methods available, but it is important to choose the most secure option. Here are the most common wireless encryption methods you will encounter:
WPA3 (Wi-Fi Protected Access 3)
This is the newest standard in wireless network security. It has strong encryption algorithms and provides better protection against offline password-guessing attacks. Additionally, implementing media access control (MAC) can further enhance security by restricting unauthorized access.
WPA2 (Wi-Fi Protected Access 2)
While not as secure as WPA3, this is still widely used and considered good enough for most home and small business networks.
WEP (Wired Equivalent Privacy)
This is an old encryption method that has many vulnerabilities and can be easily exploited. Avoid using WEP if possible.
You can choose which encryption method to use for your wireless network in your router or wireless access point’s settings.
Dangers of Public Wi-Fi
Public Wi-Fi hotspots offer convenient Internet access on the go, but they are not without risk to your internet connection. Hackers on public Wi-Fi networks might intercept emails, steal logins, or even access your online banking. There are some security risks with public Wi-Fi which you should be aware of:
Insecure Connections
Many public Wi-Fi networks lack encryption, exposing your data (emails, browsing history, login information, banking information) to interception by anyone with the right tools. Your Internet Service Provider (ISP) plays a crucial role in maintaining secure connections by regularly updating the firmware of their equipment, but many users opt to use their own routers and may not be aware of the importance of keeping their devices updated, potentially exposing them to cyber threats.
Rogue Access Points
Hackers sometimes set up fake Wi-Fi networks with names similar to legitimate networks to harvest sensitive information from devices using the rogue access point. It is important to double check you are connecting to the correct access point.
Unintentional Exposure
Some Wi-Fi networks require you to install or agree to terms that may expose data you do not realise you are sharing. It is important to read carefully before agreeing to share your data.
Protecting Yourself on Public Wi-Fi
It is always best to avoid sensitive activities like online banking or entering credentials on a public Wi-Fi network. Here are some tips on how to stay safe on public Wi-Fi:
Use a VPN
A Virtual Private Network (VPN) creates a secure tunnel and encrypts your traffic even on unencrypted public networks.
Limit Data Sharing
Avoid accessing banking accounts, online shopping, or entering passwords on public Wi-Fi connections where possible.
Stick to HTTPS Websites
Look for the padlock symbol and HTTPS in the address bar when browsing, as this indicates an encrypted connection to the site.
Turn Off File Sharing
Disable file and printer sharing on your device to prevent exposing confidential information such as financial documents or personal photos to other devices on the network.
Eight Steps to Secure a Wireless Network
Wi-Fi routers play a crucial role in securing your wireless network from cyber threats and unauthorised access. Securing your wireless network does not have to be difficult. By following these eight steps, you can strengthen the security of your wireless network.
1. Change Default Passwords & Usernames
Often networking devices like routers and wireless access points come with default usernames and passwords. These default credentials are widely known and can be easily used by attackers to gain access to your network. It is important to change default usernames and passwords to unique values. For a strong password, consider implementing a password that:
· Has a minimum length of 8 characters
· Contains at least 1 uppercase character
· Contains at least 1 lowercase character
· Contains at least 1 number
· Contains at least 1 special character
2. Lock down with Strong Encryption (WPA3/WPA2)
Encryption plays a key role in securing data on a wireless network. It ensures that even if someone intercepts your wireless communication, they will not be able to understand the data without the decryption key. There are different encryption standards in wireless security, look for WPA3 which is the latest and most secure option. If your hardware does not support it, WPA2 is still a secure option. Avoid using outdated methods like WEP which can easily be cracked.
3. Limit Access via MAC address Filtering (Optional)
MAC address filtering allows you to create a list of approved devices for the network. Each device has its own unique identifier (MAC address) which provides you with some level of additional access control and can deter casual attempts to access your network. While it can be bypassed by skill attackers through spoofing, it does offer an additional hurdle for an attacker to overcome. MAC address filtering should not be used as a main line of defence and should be used in conjunction with strong passwords and encryption. It is also important to assess whether MAC address filtering is appropriate for the purpose of your wireless network. For example, it might be used in small private wireless networks like inside homes to prevent someone from casually connecting to the network. Additionally, protecting the Service Set Identifier (SSID) by obscuring it and changing the default SSID can enhance security and prevent unauthorised access.
4. Set Up a Guest Network
Setting up a separate guest network is a simple yet effective way to secure your wireless network. By providing your guests with Internet access through an isolated guest network, you can prevent malicious devices originating from the guest network from affecting the main network. There are three methods you can use to isolate your guest network:
Network Segmentation
If your router supports it, use VLANs to create “virtual walls” between your guest network and main network. This keeps traffic from each network isolated.
Firewall Rules
Configure your router’s firewall to limit communication between the guest and main networks. Only allow basic Internet access for guests.
Physical Separation (Optional)
If feasible, use separate wireless access points for your guest network and main network. This further reduces the chance of unauthorised access.
Most modern routers support guest networks – don’t forget to give your guest network a unique password and regularly change the password to limit ongoing access!
5. Keep Your Hardware Updated
Network hardware manufacturers often release firmware updates for devices that often include security patches for discovered vulnerabilities. This should be checked regularly to ensure that your router and access points are operating with the latest firmware to offer the most protection. If available, enable automatic updates.
6. Enable a Firewall
A firewall acts like a filter for traffic coming into the network. Most routers have built-in firewall capabilities – make sure it is turned on. It can help to malicious traffic from entering the network. Additionally, firewall rules are a great way to dictate how and what traffic flows through the network. You can use firewall rules to isolate a guest wireless network from the main network, preventing devices from accessing internal resources from guest networks.
7. Change your Network Name (SSID)
Default router and access point names can often include the manufacturer and in some cases model. This makes it easy for hackers to identify your device and look up any known weaknesses and default credentials. Changing your network SSID to something nondescript helps to conceal the hardware in use making it more difficult for an attacker. For example: Change the SSID from “TP-LINK-WA801N” to “SQW“
8. Review Convenience Features
Many routers and access points come with features designed for convenience, but these features can also introduce security risks into your wireless networks. A few features to consider disabling when setting up your wireless network are:
Remote Management
Remote management allows you to manage the settings of your router or access point over the Internet. While it is convenient for troubleshooting, it provides an additional attack surface and should be disabled unless required.
Universal Plug and Play (UPnP)
UPnP simplifies device connection to your network but can also open ports for unknown devices. For example, a device could claim to be a printer and the router will automatically open ports to allow devices to communicate with the printer. This should be disabled if it is not required.
Wi-Fi Protected Setup (WPS)
This feature allows quick connection to the network with a physical button press. WPS is inherently insecure and can provide easier entry into the network. WPS uses a flawed pin system to connect devices to the network, with only 7 numbers being truly random. This reduces the possible pin combinations, increasing the likelihood of successful pin guessing attacks. If an attacker can get physical access to the router or access point, they may be able to gain access to the wireless network via the physical button. WPS should be disabled and replaced by strong passwords.
Network Security with SecQuest
Securing your network is crucial in today’s digital landscape, and with SecQuest, you can achieve peace of mind knowing your systems are protected. Our comprehensive solutions are designed to safeguard your network from threats, ensuring your data and communications remain secure. If you’re looking to find out more about our network security services, you can contact us today by clicking here.