How to Become a Wireless Security Expert

So, you think you’ve got what it takes to become a wireless security expert? Many people believe that they’ve got it all figured out, but then they discover that the road success is much more difficult than they thought initially.

This article is just the first one in a (hopefully) long series; don’t worry, I will give you links to some of the best industry books at the end of this content piece.

Most people are eager to set up a Wi-Fi network, and then benefit from their improved Internet browsing experience. And while we can empathize with them, it is important to understand that this approach will lead to many Wi-Fi security holes.

The explanation is simple: even the newest Wi-Fi networking devices don’t come up with tight security settings by default. So, here’s what you should do to significantly boost Wi-Fi security.

  1. Change the default admin user name and password

Most Wi-Fi networks include a wireless access point – often times, a broadband router. The router protects the data that flows through it by utilizing a user name, which is frequently set to “admin” by default, and a password. Sadly, some router manufacturers don’t allow us to change the admin user name, and this way they are significantly simplifying the hackers’ jobs.

If this is the case with your router, be sure to pick a huge, hard to guess password for it. All manufacturers ship their routers with passwords like “admin” or their company names, and some people don’t change them. It’s your job to make sure that the router uses a strong password and – whenever it is possible – a customized user name, which includes letters and numbers.

  1. Use the best wireless encryption protocol

All routers support several encryption protocols, including the outdated WEP protocol, which can be rendered useless within minutes. I’ll have to give some credit to the router makers here, though, because most of them will suggest the strongest WPA2 protocol each time we try to set up a new Wi-Fi network.

Still, for some reason, some people continue to use WEP or WPA for their wireless networks. These security protocols are outdated and should be avoided. Take a look at the graph created by Data Alliance, which compares the average time it takes to break into a Wi-Fi network, depending on its security protocol.

It is true that some people stick with WPA, for example, because their Wi-Fi clients cannot support the newer WPA2 protocol. In this case, it’s best to tell people to purchase new Wi-Fi devices; otherwise, their network’s security will be quickly compromised.

Also, the graph above shows clearly that WPS, a feature that’s intended to make connecting new devices to the network much easier, significantly diminishes WPA2’s security. So be sure to disable WPS for all the routers you ever come into contact with!

  1. Change the default network name

I can understand why router manufacturers want to advertise their products by including their company name in the newly created networks. This is why there are lots of “Trendnet XYZ” network names in the entire world, for example. It’s your duty to change these network names to regular names, which don’t give away the router manufacturer (or your) name.

Name a new network “johndoe44”, for example. By doing this, you will make the hackers’ job much more complex.

  1. Disable SSID broadcast

This is a feature that broadcasts the network name, also known as SSID, periodically. By hiding the network name, you will decrease the likelihood of someone managing to log into the Wi-Fi network without your permission.

There is a drawback, though: some devices – especially the older ones – simply refuse to connect to a Wi-Fi network that doesn’t broadcast its name. So be sure to verify that each device is still connected to the Wi-Fi network, even after you’ve disabled SSID broadcast from within the router’s admin panel.

  1. Enable MAC address filtering

Each Wi-Fi client has a unique identifier called a “Media Access Control” (MAC) address. Routers are able to keep track of (and communicate with) each client separately because of these MAC addresses.

Most routers are able to filter the clients which are allowed to connect to them, based on their MAC addresses. While the system is not 100% secure, because each MAC address can be cloned, by turning on the address filtering router feature, you will manage to keep some villains at the gates.

  1. Use additional security software

Just because your router is properly set up, it doesn’t mean that its clients are 100% safe. Be sure to activate your router’s hardware-based firewall, and install at blockers and antiviruses on all the clients, if possible. This way, you will avoid the unpleasant situation of having one or more of the devices turn into digital zombies.

  1. Shut down the network when it’s not used

It may sound obvious, and yet very few people do it: shut down the router when the Wi-Fi network isn’t used. Do this after hours, for example. If we’re talking about a home network, shut it down whenever you take a vacation with the entire family.

Of course, if you’re only using the wired (Ethernet) part of the network, you can safely disable the Wi-Fi component of your router, and thus make your network immune to any wireless attack.

Until next time, here are a few good books that will help you learn much more about Wi-Fi networks:

https://www.amazon.com/Wireless-Networking-Absolute-Beginners-Guide/dp/0789750783/ref=zg_bs_3722_18?_encoding=UTF8&psc=1&refRID=BC5YB1E547TF3ZF0QCQ5

https://www.amazon.com/CWNA-Certified-Wireless-Administrator-Official/dp/1118893700/ref=zg_bs_3722_1?_encoding=UTF8&psc=1&refRID=BC5YB1E547TF3ZF0QCQ5

https://www.amazon.com/Essential-Guide-RF-Wireless-2nd/dp/0130354651/ref=zg_bs_3722_13?_encoding=UTF8&psc=1&refRID=BC5YB1E547TF3ZF0QCQ5

 

Read more