Securing WiFi


Start with best practices to keep your wireless networks safe and secure.

    Wireless access points are everywhere, and unfortunately a large number of them are compromised. Because of war-driving databases and wireless key leaks, wireless access points represent one of the most common avenues for a cyber-attack. In this article we will cover methods for increasing the security of your wireless access points to reduce the chances of an attacker gaining access to your network through Wi-Fi.

	When securing your wireless access points, we will follow a five-step process. First, we will need to ensure that the wireless access point is configured to use the latest and strongest form of encryption and authentication that it is capable of using. For our router, this will be WPA2-PSK. Second, we will need to ensure that the wireless access point is only broadcasting on the channels we intend to use. If we only plan to use a 5 GHz channel, we can completely disable the 2.4 GHz antenna that our router came with. This will reduce the surface area for any attack. Third, we will need to create and set a complex password or passphrase for each of the broadcast channels that our wireless access point will be using. Fourth, we should consider using a MAC address lock for each of the users of the wireless network. This requires the users to broadcast a valid MAC address in order to connect to the network, which adds to the difficulty of gaining unauthorized access. And last, we need to consider the isolation of the wireless access point on our network. If the access point is only used for internet access, it can be completely isolated from the rest of the internal network to prevent any unauthorized access within the network.
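Steps one through four can be checked mechanically once the access point's settings are exported. The script below is an added example, not part of the original article: it assumes the access point is driven by a hostapd-style configuration file (the article does not name its router's software), and the two sample configurations and the 20-character minimum are constructed for illustration.

```python
# Added example: sample configs are constructed; MIN_PASSPHRASE_LEN is an assumption.
MIN_PASSPHRASE_LEN = 20  # WPA2-PSK itself accepts 8 to 63 characters

WEAK = """
ssid=office
hw_mode=g
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=office123
macaddr_acl=0
"""

HARDENED = """
ssid=office
hw_mode=a
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase-only
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.list
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text, intended_hw_mode="a"):
    """Return findings labelled by the article's step number; [] means all passed."""
    c, findings = parse_conf(text), []
    if c.get("wpa") != "2" or c.get("wpa_key_mgmt") != "WPA-PSK":
        findings.append("step 1: not WPA2-PSK only")
    if c.get("rsn_pairwise", "").split() != ["CCMP"]:
        findings.append("step 1: rsn_pairwise is not explicitly CCMP-only")
    if c.get("hw_mode") != intended_hw_mode:  # a = 5 GHz, g = 2.4 GHz
        findings.append("step 2: radio is on a band that is not intended")
    if len(c.get("wpa_passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append("step 3: passphrase shorter than the chosen minimum")
    if c.get("macaddr_acl") != "1" or not c.get("accept_mac_file"):
        findings.append("step 4: no MAC allow-list (macaddr_acl=1 + accept_mac_file)")
    # Step 5 (network isolation) lives in the firewall or VLAN setup, not in this file.
    return findings

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "all checks passed")
```

Run it once per radio configuration, passing the band you intend that radio to use as `intended_hw_mode`.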

	While the aforementioned five-step process is very reliable for setting up a secure wireless environment, it does nothing to protect against the two primary flaws with wireless security: people giving out your wireless network password, and remote exploitation opportunities. The only realistic way to resolve the problem of too many people knowing the password for your wireless network is to regularly change the password. As for remote exploitation opportunities, we recommend updating to the latest firmware for your wireless access point as often as you can. This will help to ensure that you receive any security patches that the manufacturer has provided.

	A final security feature to consider is the capability for wireless access points to not broadcast their SSID or ESSID. This can provide a moderate addition to the security of your wireless access point, but it will make it harder for your intended users to connect.

	Wireless security may not be perfect, or even reliable over any reasonable length of time. But wireless networks make it possible for everything from laptops to smartphones to connect to the internet, and in doing so they significantly increase those devices' capabilities. In the eyes of most people, this makes wireless networks worth their risk. So, although it is difficult, maintaining the security of your wireless access points is one of the most important things you can do for the overall security of your network.

	At the time of the writing of this article, WPA-3 has yet to receive widespread adoption. As such I am unable to recommend its use or disuse. There may be compatibility issues with devices that weren’t originally built to use WPA-3. Please use additional research and your own discretion when deciding which authentication protocol is right for you.