Wi-Fi is one entry-point hackers can use to get into your network without setting foot inside your building because wireless is much more open to eavesdroppers than wired networks, which means you have to be more diligent about security.
But there’s a lot more to Wi-Fi security than just setting a simple password. Investing time in learning about and applying enhanced security measures can go a long way toward better protecting your network. Here are six tips to betters secure your Wi-Fi network.
Use an inconspicuous network name (SSID)
The service set identifier (SSID) is one of the most basic Wi-Fi network settings. Though it doesn’t seem like the network name could compromise security, it certainly can. Using a too common of a SSID, like “wireless” or the vendor’s default name, can make it easier for someone to crack the personal mode of WPA or WPA2 security. This is because the encryption algorithm incorporates the SSID, and password cracking dictionaries used by hackers are preloaded with common and default SSIDs. Using one of those just makes the hacker’s job easier.
(As we discuss later, this vulnerability doesn’t apply to networks using the enterprise mode of WPA or WPA2 security, one of the many benefits of using the enterprise mode.)
Name your network wisely - it something generic but not too common and without revealing the location. Credit: CloudTrax
Although it might make sense to name the SSID something easily identifiable, like the company name, address, or suite number, that might not be the best idea either. This is especially true if the network is in a shared building or in close proximity to other buildings or networks. If hackers drive by a congested area and see a dozen different Wi-Fi networks pop-up, they would likely target the one easiest to identify, which could help them understand what they might gain by hacking it. They might also choose one that’s easier to find in a congested area.
It is possible to turn off SSID broadcast, essentially making the name of your network invisible, but I don’t suggest that. Forcing users to manually enter the SSID, and the negative performance effects of probe requests on the Wi-Fi, typically outweigh the security benefit. And someone with the right tools can still capture the SSID from sniffing other network traffic.
Remember physical security
Wireless security—or all of IT security for that matter—isn’t all about fancy technologies and protocols. You can have the best encryption possible and still be vulnerable. Physical security is one of those vulnerabilities. Locking down just your wiring closets isn’t enough, either.
Sign up for Computerworld eNewsletters.