DigiCert Blog

8 Steps to Stronger WiFi Security

Securing your WiFi network is important, both at home and at work. Learn top steps for securing any WiFi network.

With the continuous proliferation of public hotspots, more and more attention is being drawn to the security measures in place to prevent wireless man-in-the-middle attacks. Even if you are not employing SSL Certificates to provide network security, there are still a few WiFi security options that will dramatically improve the security of your network.

1. Use Sophisticated Passwords
Like all passwords, the WPA2 password that you use to secure your wireless network should be long and sophisticated enough to foil hackers attempting to “aircrack” your password. Personal names, simple dictionary words, or easily guessed numbers should be avoided.

2. Change the Default WiFi Admin Username and Password
The easy first step to improved security is to change the default username and password. Since most routers don’t require a physical connection to log into the admin interface, eliminating this vulnerability removes the lowest hanging fruit available to hackers.

3. Use the Latest WiFi Encryption
If your hardware can only support WEP or WPA encryption, you should replace it. The Wi-Fi Alliance, which DigiCert belongs to, strongly recommends the uniform adoption of WPA2. Cutting-edge encryption has been proven to be secure against even the most committed attackers as long as it is properly implemented. If you are managing an enterprise environment you should be using the additional protection afforded by dedicated digital certificates.

4. Encrypt WiFi Router Admin Pages
Taking your WiFi security a step further requires securing your administrative login pages with a digital certificate for WiFi. The self-signed certificates that come pre-installed on some routers are publically untrusted, easy to duplicate, and vulnerable to Man-In-The-Middle (MITM) attacks. SSL Certificates from trusted Certificate Authorities will ensure that all of your communication via WiFi remains secure and private. If your router doesn’t cover digital certificates in the quick start guide, you can find instructions on the manufacturer’s support website.

5. Update the WiFi Router Firmware Frequently
Research shows that up to 80% of routers ship with severe security vulnerabilities. Part of the reason for this is the obsolete firmware that is included and automatic updates that are turned off by default. Like other aspects of your network, timely updates are an essential part of any security plan. Ignoring the firmware updates will ensure that your network security will fall further and further behind as new exploits are devised by hackers.

6. Consider Locking Down MAC Addresses
While this may not be practical in larger networks, admins on smaller networks can lock down MAC addresses to have a high level of control. Wireless routers and Access Points rely on access control methods like MAC (Media Access Control) address filtering to prohibit network requests from potential attackers. Every WiFi-enabled device is assigned a unique MAC or physical address and maintains a list of devices that can connect to them. You can manually input addresses to designate exactly who can connect to your network, although you should be aware that there are tools that allow attackers to fake MAC addresses.

7. Train Users Not To Auto-Connect
Your mobile work force might be tempted to set their devices up to auto-connect to any WiFi signal it encounters. This is especially dangerous in situations where it would otherwise obvious to your users that it would be unwise to check their email, due to the possibility of a nearby hacker sniffing the network, but their device connects without asking for permission. Another danger comes in the form of hotspots created specifically by hackers with the sole goal of hacking into connected devices.

8. Use Always-On SSL
The same reasons that you are recommended to use HTTPS everywhere throughout your website apply equally to WiFi. Accessing an account on an encrypted page and then continuing to interact with the site via unencrypted pages leaves the user vulnerable to session sidejacking.

Conclusion

Whether you are a regular WiFi user or operate a wireless network, take a few minutes to consider the security you are employing and whether it has been properly configured. Wireless access points are occasionally an afterthought when securing a complex network, but are easily exploitable if you haven’t taken the correct precautions.

Share on Facebook0Share on Google+1Tweet about this on TwitterShare on LinkedIn0