A Guide to Wireless Network Security: Keeping Your Network Safe
I don’t think it’s necessary to go into too much detail about the way that encryption works. That deserves its own article, such as the one a fellow writer wrote describing how encryption works. Just understand that it turns your information into a series of codes that can then be interpreted by authorized receivers. It’s just an upgrade of those old cipher puzzles.
This basic process is responsible for protecting your wireless Internet communications and it also controls who has access to the network. Encryption technology is set up through the router. The leading wireless network encryption techniques are WEP and WPA. WEP is the older format and unfortunately it appears to have been fairly well cracked. It’s not nearly as secure as it once was. WPA is much stronger and still very strong overall.
In general, you just need to use the most powerful encryption technique that your router has to offer. There’s no real penalty or cost to use a tougher method. WEP is only useful if you have to allow access for older laptops and equipment that can’t handle anything more powerful. If your equipment can handle it, then there is absolutely no reason to not take the extra step and make your wireless connection that much harder to hack.
In order to enhance network wireless security, you should probably understand how hackers are able to gain access to a wireless network.
Wireless network hacking isn’t that hard in concept. The hacker just needs to find your encryption key and then use it to either gain access to the main network or decrypt the information packets that they find. It is possible for a hacker to grab the key through basic social engineering. A password is only as strong as the people that protect it. If one of these people fall for a phishing scam or infect their computer with malware, then the encryption key can be grabbed that way and simply used by the outsider.
If they’re actually going to “hack” the wireless Internet network, then it just takes a little patience on their part and outdated security on your part. As I mentioned, there are cracking techniques that are fairly efficient for WEP and efforts are made every day to crack WPA security. An unfortunate weakness for most routers is that they have to rebroadcast the key to the connected computer or computers to verify the connection. I believe the rough estimate is at least once or twice an hour, if not more (especially for large network with many connected machines). If someone is watching the data stream and capturing the encrypted data, then they can wait for a period of time and then run a few wireless hack programs to crack the important segments of data and find the encryption key for the network.
If they can do that, then it’s as good as giving them full access. Note that using strong encryption keys and protecting individual computers on the network should be enough to make this fairly difficult for most hackers.
If you’d like more details, then this article on the anatomy of wireless hacking should help.
Extra Security Options
Of course, it’s a little boring to just tell you to use strong encryption and call it a day. There are a variety of extra steps that are recommended to better secure your network. Let’s go over a few of these wireless network security issues.
Not Broadcasting Your SSID - Your SSID refers to the name of the network. It’s what shows up when you look for networks to connect to. A lot of people (even a few on Bright Hub) suggest that you turn off SSID broadcasting to help hide your network from hackers and make it “invisible.” Note that not broadcasting your SSID is roughly the same as throwing a tarp over your car. It’s not going to hurt anything as long as you don’t mind pulling the tarp off when you want to drive (or in this case, setting up all connected computers to automatically detect and connect), but it’s not really hidden. The tools that are usually used for wireless network hacking are all able to automatically reveal “invisible” SSIDs. It will do absolutely nothing to protect it from anyone using anything more complicated than the Windows wireless connection process. It’s not a bad thing to do for a personal network and can hide your network from bored neighbors. Note that businesses will see their IT department driven insane after a few days of “how do I connect?”
MAC Filtering - MAC filtering is also recommended and I personally like it. Each computer has a unique MAC address and you can configure your router to only allow a small list of MAC addresses. It’s a good idea overall, but it’s about as useful as hiding your SSID. A serious hacker knows how to spoof their MAC address to an allowed one. If they have basic access to the network, then they can just look for connected devices (since they are obviously trusted) and then spoof their own MAC address as one of those. It’s covered in this list of all possible Wireless Network Attacks. This is closer to locking your car doors. Someone could just pick the lock or break a window, but you’re making them take the extra step and preventing them from just opening up your door.
Strong Router Password - This might not directly protect your network, but it’s just a good idea. Do not leave your router on with the default password. There’s a big list of those and it’s the first thing that a wireless network hacker will check. Go ahead and make the admin password something strong. On that note, make sure that remote administration for the router is turned off. You shouldn’t ever really need to use that and it only allows other people to crack the router password and change your settings instead of cracking the encryption.
Educate Your Employees - The human link is always the weakest. Make sure that your employees know how to stay safe online and that they don’t broadcast company info to the world.
Now that we covered wireless network security, let’s take a really quick look at public wireless networks.
There isn’t too much to say about this. I like to think of it as yelling out information in a public square. People might not hear it, but it’s still out there. While individual interactions online can have separate and secure encryption, the data that you’re sending out can be seen by anyone with easy software that can capture packets. Chances are that a hacker isn’t going to spend his day sitting around the Starbucks hoping that someone gives up an email password or some corporate blackmail material, but it’s still an unnecessary risk for the sheer sake of convenience. Try to limit your exposure online while using public WiFi.
If you plan to use wireless hotspots regularly, then you might want to look at our article on wireless hotspot security.
The author has experience in wireless networks and how to keep them secure.
- Wikipedia Commons - https://commons.wikimedia.org/wiki/File:Wireless-Router.png
- Wikipedia Commons - https://commons.wikimedia.org/wiki/File:Wireless_icon.png