The rapid increase of wireless networks and devices over the past few years is set to continue in the near future, with everything from fridges to consoles and smartphones now being wirelessly enabled. Although the ubiquity of Wi-Fi has made all of our lives easier, it has created a fresh network security challenge for IT managers. This is due to wireless connections now coming in from anywhere, and at any time.
These connections may sometimes come from harmless devices whose Wi-Fi functions are constantly enabled. However, they are more likely to come from unauthorised users in the hope of gaining free Internet access, or, somewhat more troubling, from unlawful intruders attempting to infiltrate your network directly.
There are 8 steps you can take that will help you to improve your wireless security in the workplace. These are summarised in this handy guide below.
1. Change your default administrator usernames and passwords
At the core of most wireless networks is an access point or router. Manufacturers generally provide web sites for owners to input their account information and network address in order for them to set up their router. These are protected by a login screen that requires a username and password, which ensures that only the rightful owner can do this. Unfortunately, the logins provided by manufacturers are simplistic and also very well-known to hackers on the Internet. Therefore, it is highly recommended that you change these settings immediately.
2. Enable (Compatible) WPA / WEP Encryption
Each piece of wireless equipment supports encryption in some form or other. There are several available wireless security encryption technologies, which all work by scrambling messages that are sent over wireless networks so that they cannot be easily read by humans. Therefore, it is recommended that you pick the strongest form of encryption that is compatible with your wireless network.
3. Change the default SSID
All wireless access points and routers use a network name which is named the Service Set Identifier (SSID). Manufacturers have the unhelpful habit of shipping all their products with the same SSID. If a hacker sees a wireless network with a default SSID, it indicates to them that it is a poorly configured network, and will therefore be more likely to attempt to hack it. Accordingly, I would recommend immediately changing the default SSID when you are configuring wireless security on your network.
4. Turn on MAC Address Filtering
All wireless equipment possesses a unique identifier, which is called the physical address or MAC address. One of the roles of an access points or router is to keep a record of the MAC addresses of all devices that connect to them. One option would be to manually enter the MAC addresses of all of your home/office equipment; this will restrict the network to only allow connections from the approved devices. However, this isn’t a fool-proof option as many hackers and their software programs can easily fake MAC addresses.
5. Turn Off SSID Broadcast
In wireless networks, the router or access point generally broadcasts the SSID at regular intervals. This was done in order to assists businesses and mobile hotspots, which may have Wi-Fi clients roaming in and out of range. However, this may be unnecessary in some situations, as it increases the likelihood that someone will try to breach your wireless security. Fortunately, the SSID broadcast feature is able to be turned off by the network admin.
6. Don’t Allow Auto-Connect to Open Wi-Fi Networks
The majority of computers have a setting that allows them to connect to an open Wi-Fi network automatically without notifying the user. It is recommended that this setting should be disabled, as enabling it will expose your computer to security risks.
7. Assign Static IP Addresses to Devices
Most networkers tend to use dynamic IP addresses, which is extremely easy to set up. However, the ease-of-use also works to the advantage of hackers. This is because potential hackers are easily able to get valid IP addresses from your network. By turning this off, setting a fixed IP address range, and using a private IP address range (such as 10.0.0.x), this will prevent your wireless security from being directly reached via the Internet.
8. Make Sure Firewalls are Enabled on Each of your Computer’s and on the wireless Router
All new models of network routers contain built-in firewall capability as standard; however, they also have to option to disable the firewall. I would strongly advocate that your router's firewall is turned on. As an extra layer of wireless security, installing and running personal firewall software on every computer that is connected to the wireless network would also be beneficial.
If after reading this guide, you feel as if you have just spent 10 minutes reading incomprehensible jargon, firms such as LAN2LAN provide a fantastic range of Wireless Intrusion Prevention Systems (WIPS) for businesses, which will ensure your wireless infrastructure is protected against unauthorised connections.