We're all using Wi-Fi much more than in the past so it should be no surprise to hear that Wi-Fi attacks are on the rise.
Businesses are reporting an increase in the number of devices connected and decreases in network performance. Home users are reporting unusually high utilization, and skyrocketing usage bills.
Of course, not all of this can be attributed to Security breaches, but some of it undoubtedly is.
The key is to use a layered approach to network security. And in most small businesses, that starts with the Wireless network.
Here are 7 tips you can use to secure your Wi-Fi network.
1. Make sure your Router is physically secured.
It sounds simple but it is on of the most common mistake small businesses make. Your router and computing equipment (other than end user devices obviously) should be behind locked doors. There's no easier way to compromise a network than to directly attach to it physically. And don't think that just because you and your employees are in the building no one will be able to get to it.
LOCK IT UP!
2. Change the default passwords.
Every device manufacturer and service provider has a set of passwords configured by default. Make sure you change them! fully 75% of businesses are using the default passwords on their networking equipment.
And don't let your provider tell you they are not allowed to give login access to you. That's just not true. You are buying or leasing the equipment. And more importantly, you are responsible for its security. Demand admin access to your devices or find another vendor!
3. Protect the Network Name (SSID). Change the name and Don't broadcast it.
Another default you need to be aware of. The name of your network is broadcast to anyone who comes within range of the devices. Furthermore, many devices use the same Network name as a default.
You should change the name of the network. And don't use your family name or address as any part of the name. That's an invitation to hackers to know exactly where the network is located.
You should also stop the broadcasting of your network name. Yes, it can still be seen by devices and hackers with scanning software. But it is just one more level of protection you should deploy.
And one more thing. You should disable Wi-Fi protected setup (WPS). This a way to automatically configure devices to connect at the push of a button. Just disable it.
4. Prevent Admin access to your device over the wireless network.
Since we've now physically secured our Router, we now need to protect it from being administered over the wireless. That way, even if someone gains access to our wireless network, they can't hack the router without actually gaining physical access.
5. Double up on firewalls. (Advanced configuration)
And speaking of layered approaches, here's another tip to securing your WiFi network. Use multiple Firewalls.
Most Routers come with some Firewall capabilities. Make sure those are enabled! Some examples of options available on most routers are:
Network Address Translation (NAT): enabled by default. NAT allows devices inside your network to "hide" from public addressing schemes.
Traffic inspection: disabled by default. We're using the term "traffic" here in its most general sense. There are many options available including email inspections, packet inspection (stateless), traffic pattern (stateful) inspections, etc...
This is among the most complicated of solutions. If you need help, this is where a Cyber Security professional is very helpful
In addition to a router firewall, you should also have a firewall on every computer(host) attached to your network. These can be built into the operating system. Most professionals recommend a third party firewall application, however.
6. Use WPA2 encryption.
Most routers or Wireless Access Points (WAPs) allow you to choose which encryption schemes you are using. WPA2 is one of the more modern solutions for encryption available on almost all WAPs and routers. Other options, which are not recommended, are WPA (earlier generation of WPA2) and WEP which is one of the oldest encryption protocols in use and has proven to be easily defeated by even the most novice hackers.
7. Use MAC filtering.
MAC filtering is a technology that allows you to control which devices are able to connect to your Wi-Fi. A MAC address is a physical address that is unique to each device. The way MAC filtering works is to deny access to any device which is not on the "approved" list.
Because MAC addresses are easy for hackers to "spoof", many professional are now recommending against its use but it is still an effective deterrent and recommended as part of a layered approach to security.
Protecting yourself, your company, and your customers' data is vital in today's networking environment. Using a layered approach has proven to be a best practice and a great deterrent against all but the most sophisticated of attackers.
Of course, if you'd like further explanation of these or any other security topics or if you'd like a NO CHARGE, NO OBLIGATION security analysis, please reach out to us at Packetdaddy@selectiveintelligence.com or call us at (317)983-4766.