How to Lock Down Your Wireless Network
The amount of data that gets sent back and forth through the air these days is amazing. Just think about it—our phones are constantly connected to cell towers, and often nearby wireless networks, while our computers and laptops send and receive information continuously as we work.
Sometimes, I still marvel over how we can stream music, movies, and conference calls over the airwaves. However, with all that potential, it is important that we protect the data that we’re sending and receiving.
Your organization’s Wi-Fi network is pretty difficult to hide from anyone within earshot of your business. Chances are, it can be accessed from your parking lot, across the street, and from other offices in your building. After all, it’s wireless, so here are some best practices to keep your Wi-Fi secure. After all, anyone can see that it exists, and it’s your job to ensure that nobody can get on it and access something they shouldn’t see.
Older Wireless Networks Need to Be Taken Down
There are several security protocols to choose from when establishing your Wi-Fi network. The oldest standard is called WEP (Wired Equivalent Privacy). It comes from a simpler time—1999 to be precise. Back then, we weren’t really expecting a lot from wireless networks, and it wasn’t extremely common for everyone to have a high-end Wi-Fi-connected computer in their pocket. On top of that, when WEP first came out, U.S. restrictions on the export of certain cryptographic technologies forced wireless router manufacturers to limit devices to only use 64-bit encryption. That’s changed over the years, but WEP is still one of the most flawed security protocols out there. It might protect your home Wi-Fi from allowing your not-very-technical neighbors from getting on and using it to watch Netflix, but that’s really about all it should be trusted to do.
Instead, you’ll want to use the WPA2 protocol in most cases, and enable AES (Advanced Encryption Standard). If your routers don’t at least support these standards, it would be a good idea to upgrade.
Keep Your Wi-Fi Routers Up-to-Date
The devices that dish out your wireless network are no different than any other device on your network in that they need to be kept updated. New firmware updates and security updates will fix vulnerabilities and provide product enhancements, or fix issues that were discovered after distribution. One issue with using older hardware is that once they enter EOL (end of life) eventually they will no longer receive updates, becoming vulnerable to hackers.
Most routers and access points aren’t configured to do this by themselves, and will need to be reviewed and managed.
Change the Factory-Default Passwords and Usernames
You’d be surprised to find out how easy it is to get yourself logged into most routers. Let’s say I was outside your organization on a bench with a laptop, and I wanted full access to your wireless network.
If I assumed it wasn’t set up properly, here are the steps I would take:
- I’d get comfortable and boot up my laptop, and check the available Wi-Fi networks.
- I find yours and use some free utilities to pull a little more information about the network.
- I use one of these utilities on my laptop to make your router think I’m a handful of devices that are simply trying to get logged in. I don’t have the password, so I’m having my laptop just guess from a list of common passwords.
- Alternatively, one utility could just watch the other traffic on your network and collect data as well. This isn’t sensitive data—not yet anyway. It’s just looking at the hard data sent between devices and the router across the airwaves.
- Once I’ve gathered enough data, the utility on my laptop can crack into the wireless network, virtually on its own. I merely started the process.
- Now I can access the Internet with your Wi-Fi.
This process could take a few minutes to a couple hours depending on the network and some other conditions. Here’s where things get even more dangerous.
- After minimal trial and error, I determine what brand and model of router you have.
- I do a Google search on your own Wi-Fi network to figure out what the default factory password is for your router, although I can probably just take a few guesses to save myself the time (most of the time, the password is just “admin” or “password.”
At this point, I have full access to your router and can make changes to it as I want.
The first set of steps I took could have been prevented by not using WEP, but the last two steps could have been prevented by not using the factory-default password.
Audit Your Network Regularly
It’s important to have your network reviewed and assessed regularly, especially if you have to meet industry security standards. In these cases, it’s usually required to audit everything regularly, and it’s highly recommended for everyone else.
At Datalyst, we’re well equipped to audit your existing network, help improve your security, and even ensure that everyone who needs reliable wireless access to your network can get it, no matter where they are in your building.
To talk to an expert about the reliability and security of your Wi-Fi or other wireless services, give us a call at (774) 213-9701.