The recent reports of rising cyber-attacks throughout the world have many businesses and people investigating ways that they can improve the cybersecurity of their work and home environments. Since the inception of the 802.11 protocols nearly 20 years ago, WiFi has become more prevalent in everyday life, and yet many people still are unaware of the security issues that arise when implementing a WiFi device into their environments. Below are 5 tips on how to secure WiFi at either your home or office:
- Change default Service Set Identifier (SSID) name
- Change default password
- Ensure that strong passwords are created
- Ensure that strong encryption is used
- Review devices connected to your environment
Change default Service Set Identifier (SSID) name
There have been multiple times when I was searching for available wireless networks and saw “LINKSYS,” or some other default SSID. SSIDs are preconfigured by the manufacturer of the router and can reveal important information about the router, which someone looking for an easy target to break into can obtain with little effort. When I see a default SSID, I often wonder if the person that installed the device left the default administrator credentials also. Knowing only the make and model of the router, an unauthorized user could find the default administrator password with an easy web search. Changing the default SSID so that it does not reveal the make or model will help in securing your wireless router.
Change default password
Like default SSIDs, default passwords are preconfigured by the manufacturer and give access to the router’s management console. One of the first things that should be changed before implementing a new wireless router into an environment is the default password. What the wireless router will be used for will dictate the length and complexity of the password. As a best practice, the administrator password should not be the same as the password regular users have. Additionally, passwords should not be easily guessed and should not be found in the dictionary or published online. A list of the 10,000 most used passwords can be found here.
Ensure that strong passwords are created
Many people think that just having a password will protect their devices; this could not be farther from the truth. One of the easiest ways to protect your wireless router is to create a password that is long as well as complex. Hackers have access to files with trillions of passwords that have been cracked and can crack passwords within minutes if length and complexity are not used. For example, password cracking software would take 0.29 milliseconds to crack the password “abcd1234”. However, the password “AbCd1234” would take approximately 7 months and the password “AbCd1@3$” would take more than 14 years to crack. Ensuring that passwords have complexity (upper and lower case letters, numbers and symbols) and length (longer than 8 characters) greatly reduces the chances that the password will be hacked. A simple/fun tool to see if your password is strong enough can be found here.
Ensure that strong encryption is used
The most common forms of WiFi encryption are:
- Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA)
- Wi-Fi Protected Access II (WPA2)
WEP was officially retired in 2004. Despite this, WEP continues to be the most used type of encryption worldwide, due mainly to its age, its backwards compatibility, and its being listed first on most drop-down menus. WEP’s successor was WPA, which directly addressed the security vulnerabilities that WEP could not. WPA used Temporal Key Integrity Protocol (TKIP), which was significantly more secure than the fixed key used by WEP, but TKIP was later superseded by Advanced Encryption Standard (AES). WPA eventually became vulnerable to intrusions, and WPA2 officially superseded WPA in 2006. The most significant change in WPA2 was the mandatory use of AES and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) as a replacement for TKIP. WPA2 is currently the industry standard for WiFi encryption, and the known WPA2 vulnerabilities are limited almost entirely to enterprise-level networks.
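The first four tips can be checked together against a router's settings. The script below is an added example, not part of the original article; the settings dictionary layout, the short SSID and common-password lists, and both sample configurations are constructed for illustration.

```python
import string

# Constructed samples for illustration, not complete lists.
DEFAULT_SSID_HINTS = ("linksys", "netgear", "dlink", "default")
COMMON_PASSWORDS = {"password", "12345678", "abcd1234", "admin", "qwerty123"}

def password_problems(pw):
    """Return the length/complexity rules from the tips that pw fails."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("is on the common-password list")
    if len(pw) <= 8:
        problems.append("is not longer than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }
    problems += [f"has no {name}" for name, ok in classes.items() if not ok]
    return problems

def audit_router(cfg):
    """Check router settings (hypothetical dict layout) against tips 1-4."""
    findings = []
    if any(hint in cfg["ssid"].lower() for hint in DEFAULT_SSID_HINTS):
        findings.append("ssid: looks like a manufacturer default")
    if cfg["admin_password"] == cfg["wifi_password"]:
        findings.append("admin_password: same as the password regular users have")
    for field in ("admin_password", "wifi_password"):
        findings += [f"{field}: {p}" for p in password_problems(cfg[field])]
    mode = cfg["encryption"].upper()
    if not mode.startswith("WPA2"):
        findings.append(f"encryption: {mode or 'none'} in use, expected WPA2")
    elif "TKIP" in mode:
        findings.append("encryption: WPA2 is offering TKIP, expected AES (CCMP) only")
    return findings

# Constructed settings: a router left at factory values, and a corrected one.
FACTORY = {"ssid": "LINKSYS", "admin_password": "admin",
           "wifi_password": "abcd1234", "encryption": "WEP"}
HARDENED = {"ssid": "bluefern-5", "admin_password": "Tr0ub4dor&Maple!",
            "wifi_password": "c0rrect-Horse-Battery9", "encryption": "WPA2-AES"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_router(cfg) or "no findings")
```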
Review devices connected to your environment
Most routers will have a list that shows the wired and wireless devices currently connected. This list should be reviewed periodically to ensure that the devices that are connected are allowed. Years ago, the list would only show the IP address, MAC address or hostname. Newer routers show all of this information and include an icon of the device type that is connected. Additionally, some routers are releasing mobile apps that will allow you to remotely see who is connected to the network and send you a notification when a device connects.
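The periodic review can be made repeatable by comparing the router's connected-device list against a list of devices you have approved. The script below is an added example, not part of the original article; the three-column export format (IP, MAC, hostname), the allowlist, and all addresses are constructed, and real routers present this list in their own formats.

```python
import re

def normalize_mac(mac):
    """Canonicalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac):
    """True if the locally administered bit is set, as in private/random MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def review_clients(client_list, allowlist):
    """Return connected devices whose MAC is not on the allowlist."""
    known = {normalize_mac(m) for m in allowlist}
    unknown = []
    for line in client_list.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and the header comment
        ip, mac, hostname = line.split(maxsplit=2)
        mac = normalize_mac(mac)
        if mac not in known:
            unknown.append({"ip": ip, "mac": mac, "hostname": hostname.strip(),
                            "randomized": is_randomized(mac)})
    return unknown

# Constructed allowlist (MAC -> owner note); keys may use any common notation.
ALLOWLIST = {"00:00:5E:00:53:01": "office laptop",
             "00-00-5e-00-53-02": "printer"}

# Constructed export of the router's connected-device list.
CLIENT_LIST = """\
# ip           mac                hostname
192.168.1.10   00:00:5e:00:53:01  office-laptop
192.168.1.11   00:00:5E:00:53:02  printer
192.168.1.23   DA:A1:19:0B:7C:9E  phone
192.168.1.42   00:00:5E:00:53:AF  ipcam
"""

if __name__ == "__main__":
    for dev in review_clients(CLIENT_LIST, ALLOWLIST):
        note = " (randomized MAC, identify the device by hand)" if dev["randomized"] else ""
        print(f"not on allowlist: {dev['ip']} {dev['mac']} {dev['hostname']}{note}")
```

A device flagged as randomized may be an approved phone or laptop using a private-address feature, which presents a different MAC from its hardware address, so those entries need to be identified by hand rather than by the allowlist.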
Not only is securing your WiFi an important security initiative, it is also, in many cases, a compliance requirement for various Federal, State, and Industry Regulations. This is a great example of how taking care of the IT Security initiatives and building a culture of security can assist you in achieving your compliance initiatives as well.