Wi-Fi is one of the most used computer networks in the world, utilizing in homes, offices for devices – laptops, desktops, mobile devices, printers, video cameras, and other equipment to access the internet and network connectivity.
As these network devices communicate with each other with wireless technology, there is always a chance of devices and personal information being vulnerable to cyber attacks, enabling illegitimate access to cyber criminals and other threats to steal or alter the data.
Public Wi-Fi networks, hotspots are highly vulnerable as there is no proper security applied for those connections and it’s easily accessible to everyone.
What is Wi-Fi?
Wi-Fi is wireless networking (LAN) technology based on the IEEE 802.11 family of standards, which are basically utilized for local area networking of devices and to access the internet, authorizing accessible digital devices to interchange data by radio waves.
Connectivity of the internet happens through a wireless router. Whenever an end-user accesses Wi-Fi, it’s connecting to a wireless router device, authorizing the Wi-Fi compatible devices to interface with the internet connection.
Evolution of Wi-Fi and its Impact:
Two decades before Wi-Fi technology came into the world and now, it’s hard to imagine without its existence. The first standard of Wi-Fi ( IEEE801.11) launched in 1997 which is capable of delivering a speed of just 2MBps. This standard utilized the transmission method developed in 1941 that transmits over numerous frequencies to minimize interference which is known as “Spread Spectrum.”
Now, today the technology evolves and grows tremendously by pushing gigabyte speeds with low latency, maintaining numerous users by shaping the technology from the access points and can even cover a wired or wireless mesh network to turbocharge it.
Now companies are introducing their chips for the upcoming Wi-Fi 6, also known as IEEE802.11ax, which is designed to increase capacity, battle wireless congestion in crowded areas, provide faster data transfer rates and improve power efficiency.
The Wi-Fi technology had a massive impact on several areas of society such as education, healthcare, commercial sectors, etc. which makes the workflow easy and fast. Today, humans are completely dependent on it and trying to make more improvements on it with the latest technologies.
As Wi-Fi usage increases a lot, we have to follow several security best practices to minimize cyber attacks on our devices. Below are some of the Wi-Fi security best practices that everyone should follow.
Wi-Fi Security Practices for General Users:
- Create a unique password for the Wi-Fi router: Wireless routers come with a default username and password and this needs to be changed to unique and strong credentials. To know how to create a strong password, follow the given link – How to create a strong password and its best practices.
- Changed the Password frequently.
- Turn off the router when you are not using Wi-Fi or when you are going away for a longer period of time.
- Enable Wi-Fi encryption: Cyber criminals can intercept into weak Wi-Fi encryption with freely available hacker tools. Hence, enable WPA 2 (Wi-Fi Protected Access Version 2) in router configuration for best encryption technology.
- Enable Firewall Protection: Firewall protection provides network security for the connection by monitoring and controlling the incoming and outgoing traffic based on the set of predefined security configurations. This protection is available in the Wi-Fi router configuration console.
- MAC Address Filtering: Enable MAC Address Filtering configuration in the router according to your device MAC addresses. MAC (Media Access Controller) is an identifier of the network card made of unique six two-digit hexadecimal numbers differentiated by colons.
- Change and Restrict the SSID Network: SSID (Service Set Identifier) is a unique ID utilized for naming the wireless networks. End users should not use personal information in the SSID name. Also, end users restrict broadcasting their SSID which can be done from the router configuration console.
Wi-Fi Security Practices for Organizations:
To secure the organization’s Wi-Fi connection, above six practices should be included with below additional practices which are shown below.
- Deploy a Wireless Intrusion Prevention Systems (WIPS): To keep the organization’s system and devices safe, deploy a Wireless IPS in the network to prevent WLAN attacks that utilize packet floods, AP spoofing, malicious broadcasts and other attacking techniques.
- Traffic Monitoring: Wi-Fi traffic should be monitored using monitoring tools such as SIEM and network traffic analyzers.
- Establish a separate Private Access and Guest Access: Both organization employees and the public accessing the same network is like welcoming the trouble and could be a source for the intrusion of vulnerable attacks. Establish separate traffic, by utilizing a Service Set Identifier (SSID) for creating two different points of access to the network: an organization grade secure access point for the employees, and access point for the outsider’s customers i.e. public. This segregates organizations’ devices from the public, providing an additional layer of security.
- Antivirus, Anti-Malware and Firewall in the Organizational Devices: Implementing these protections will not only protect emails and documents, but also provide internet security, online backup services, remove malicious software already installed on the endpoints, warns any malicious external downloads or emails, restrict suspicious clicks on advertising malware in the websites. So, it’s a best practice for implementing these protections and keep updating, renewing subscriptions for them to keep the organization’s network secured with the latest vulnerability and threats.
- Introduce Rogue Detection Capability: Unauthorized access points that are installed onto a secure network are called Rogue access points. These points can damage the functioning of the network in various ways such as an attacker can perform a ‘man-in-the-middle’ attack, able to steal data, overflow the network with useless data, etc. The Rogue Detection Capability will detect Wi-Fi access through a rogue client or WAP, despite the authentication or encryption methods utilized by the network address translation, soft WAPs.
- Restrict or Control DHCP: The Dynamic Host Configuration Protocol (DHCP) server in the wireless router device is used for automatically assigning the IP address to each device connected in the network. Restrict or control the DHCP range in the organization and allow the devices to need and run up on the network.
- Limit the WiFi Range & Strength: Though in organization, strength and range of the signal should be high enough for easy workflow, but should be limited within the office premises.
- Wi-Fi Administration: All the Wi-Fi access points should be managed from a single dashboard.
- Assessment: A frequent vulnerability assessment and penetration testing should be performed on access points.
- Compliance: Ensure compliance with the most current National Institute of Standards and Technology (NIST) or whichever is applicable for your organization.
Found this article interesting? Follow DefenseLead on Twitter, Facebook and LinkedIn to read more exclusive content.