Everyone loves Wi-Fi. It is becoming an integral part of business and home life, and I am sure it was invented by someone who didn’t want to pay for phone calls. The problem with Wi-Fi is that it is inherently unsafe from a security perspective. What do I mean by that?
Straight out of the box, most Wi-Fi systems are designed to be as easy to use as possible. Systems made by Belkin, D-Link, Netgear and NetComm are designed to be set up fast, and are driven by convenience. I set up a NetComm router recently that created a separate Wi-Fi network without my knowledge, even after I had configured the Wi-Fi the way that I wanted it to be. The separate Wi-Fi network had no encryption settings at all. You can imagine how annoyed I was when I saw this.
The more expensive the system is the more security will be applied to the system. The functionality between an expensive Wi-Fi system and a cheap one may not be noticeable but the security and additional features will be.
For an office, always invest in a system that has a higher level of functionality. This includes systems by Cisco, Fortinet, WatchGuard, Juniper and Linksys. These systems will include additional features like internet filtering, intrusion detection, anti-virus, anti-malware, spam filtering and VPN end points. Although you are putting all of your eggs in one basket, the basket is pretty secure and can be further protected by an all-encompassing warranty.
So here are the 5 points to ensure that you have set up a secure Wi-Fi system!
1. If possible purchase the most expensive system that you can afford.
All routers and ADSL modems have a Wi-Fi system included for a small additional cost. The more expensive the system, the more functional and secure it will be.
As mentioned above, additional features for your business will increase your security footprint by allowing management to enforce policy compliance, track access, restrict websites and protect the business with a second level of anti-virus protection.
Anyone, or any system, that attaches to your Wi-Fi needs to have a pass phrase. The encryption level should be set to WPA-PKI or higher. This ensures that the connection negotiated between both ends is encrypted to the highest level possible.
The longer and more complicated the pass phrase is, the more secure your Wi-Fi will be. The length and complexity of the pass phrase doesn’t make the encryption stronger, but it does make it harder to crack. In addition, you can also configure the Wi-Fi connection using SSL and TLS certificates. This makes the system even more secure. This level of encryption is only available in the higher priced systems.
If possible have a separate pass phrase for each connection. Again, the purchased system has to be more expensive to allow this level of support. This also allows you to track usage and more importantly who has given the pass phrase away to someone else.
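The point above, that a longer pass phrase does not strengthen the encryption but does make the pass phrase harder to guess, can be seen in how WPA/WPA2 personal (pre-shared key) mode turns a pass phrase into a key. This is an added example, not part of the original article; the sample pass phrases and SSID are constructed, and `guess_space_bits` is a hypothetical helper that gives only a rough upper bound valid for randomly chosen characters.

```python
import hashlib
import math
import string

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the pre-shared key the way WPA/WPA2 personal mode does:
    PBKDF2-HMAC-SHA1, the SSID as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA pass phrases must be 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def guess_space_bits(passphrase: str) -> float:
    """Rough upper bound on the guessing effort, in bits, assuming every
    character was picked at random from the character classes in use.
    Dictionary words and names score far lower in practice."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def compare(ssid: str, passphrases: list[str]) -> list[tuple[str, int, float]]:
    """Return (pass phrase, key size in bits, guess-space bits) per entry."""
    return [(p, len(wpa_psk(p, ssid)) * 8, round(guess_space_bits(p), 1))
            for p in passphrases]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    samples = ["password", "Sunny-Kettle-42-Harbour!"]
    for phrase, key_bits, guess_bits in compare("Office-WiFi", samples):
        print(f"{phrase!r}: key is {key_bits} bits, "
              f"guess space is at most ~{guess_bits} bits")
```

Every pass phrase produces a key of the same size, so the cipher is equally strong in each case; what changes is how many guesses it takes to reproduce that key. The SSID acts as the salt, which is why a unique network name also helps.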
3. Hide the access point name
Each Wi-Fi system has an SSID. Open up a smart phone or tablet in a shopping centre and look at the Wi-Fi areas. Each name is a Wi-Fi system of some type, and this name is called an SSID. This means that when you set up your Wi-Fi system you give it a name, and this is what it broadcasts to the world. Most systems have a tick box that allows you to hide this, so that you need the additional information of an SSID before you connect.
If the SSID is also complicated, using alphanumeric characters and capitals, it makes it even harder to connect. A Wi-Fi connection with a hidden SSID and a complicated pass phrase is getting more and more secure.
4. Change all default settings:
For some reason, unknown to everyone, most router and Wi-Fi systems are installed with just the default passwords in place. Once you have tested the Wi-Fi and made sure that users can connect to it with complicated SSIDs and complicated pass phrases, change the default password to anything else.
If you leave the default in place, a local user can check the make and model of the router, look up on the Internet with the search “Wi-Fi make and model default password”, and be told how to get into your Wi-Fi and either change it or reset it.
5. Put Wi-Fi access on a different network
This can be achieved in a number of ways.
The more expensive systems have it set up as default, and unless the configuration allows it there is no access between the Wi-Fi and the normal network. The Wi-Fi becomes a type of Demilitarized Zone (DMZ): no traffic can cross over.
This adds an additional level of protection to your network. If your Wi-Fi system is compromised, then the intruder only has access to the Internet; they do not know where the main network is and they do not have access to it. Protection via invisibility.
In addition, if you have rules and requirements open, then a compromised system can only have user access to the Internet. Bandwidth-hogging applications like P2P, VoIP and Skype can be severely restricted or prevented from accessing the Internet, keeping your connection secure.
Yes, there are other points that make a secure Wi-Fi connection, but these are the most important. In addition to this, if you are using a free Wi-Fi connection at the local coffee shop that does not require a pass phrase – then STOP NOW. All of the information that you type and read is not encrypted, therefore anyone can read your passwords and usernames if they want to.
Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.