Beaming’s WiFi security recommendationsPosted on 5 June 2014 by Sonia Blizzard
Why is it important to correctly configure wireless and set the appropriate security protocol?
Wireless routers come with a variety of security standards for users and system administrators to choose from. All of which are susceptible to forms of wireless attacks and network breaches. This article gives a brief overview of our WiFi security recommendations.
The first piece of advice we’d give is to have a separate connection, apart from your normal network environment. However, there are still many steps you want to take to help secure this separate network.
Selecting an appropriate security protocol / level
When it comes to WiFi security recommendations, our first piece of advice is to apply the highest level of security available on your router e.g. WPA2 which encrypts using a 256 bit key, choosing a longer more complex password will improve security. Never use a password that is used for another system, make it unique, complex and long. A disadvantage of using WPA2 is that some older devices do not support this.
Many routers come with the ability to use the WPS feature which helps simplify the process of connecting devices to a wireless network. This removed the need for entering wireless passwords on many wireless devices, thus reducing complexity for a home user. However this feature is open to a brute force attack which can complete in a few hours and allow an attacker access to your wireless password, even a WPA2 passphrase. Therefore this undermines your chosen encryption type and passphrase complexity.
To protect yourself from this attack log into your router and disable the WPS option. If you do need to use WPS select a router that locks WPS after 3 failed attempts, be warned an attacker can still cause the router to crash, reboot and then WPS is available. Even turning your access point off at night or when not in use may help reduce the risk of brute force attacks.
Selecting a Wireless Network Name (SSID)
Selecting a network name which advertises your company name or a word that may provoke attackers can happen. When setting up your router chose a network name that does not provoke attack or advertise your company name. You can also set an option to hide a wireless network name which will help; this name can be discovered by an attacker but hiding it helps prevent ‘drive by attacks’ and opportunists.
Other methods available
End to End Encryption, network encryption and RADIUS authentication
Best practice advice is to separate your wireless network from your closed network. Any network key can be captured by an attacker. They can monitor a network and wait for a device to join it. An attacker can also kick a user who is already connected to the network, forcing their device to rejoin the network. During this period a ‘handshake’ is performed between the devices which an attacker can take and attempt to brute force attack the password at any location.
Now that you’ve read our WiFi security recommendations, browse our support archive for more practical security advice.