Wireless networking can be kind of scary from a security standpoint. It opens up whole new attack vectors from wifi hackers that were not present with wired network infrastructures. That doesn’t mean you can’t do it securely, however, and I aim to give you some ideas that can help you cover your wifi network from getting hacked.
You have to determine what options apply to you, and whether the fact that your plans make a given suggestion unusable means your plans are wrong or the suggestion simply is not relevant in your case.
Five Tips to Protect Your WiFi from Net Misusers:
1. Use a strong password:
A sufficiently strong wifi password makes the likelihood of hacking it through brute force attacks effectively impossible. Using a sufficiently weak wifi password, on the other hand, almost guarantees that your wireless system will be hacked at some point.
2. Don’t broadcast your SSID:
Serious wireless hackers who know what they are doing will not be deterred by a hidden SSID – the “name” you give your wireless network. Configuring your wireless router so it doesn’t broadcast your SSID does not provide “real” security, but it does help play the “low hanging fruit” game pretty well.
A lot of lower-tier security crackers and mobile malicious code like botnet worms will scan for easily discovered information about networks and computers, and attack those that have characteristics that make them appear easy to compromise.
One of those is a broadcast SSID, and you can cut down on the amount of traffic your network gets from people trying to exploit vulnerabilities on random networks by hiding your SSID. Most commercial grade router/firewall devices provide a setting for this.
3. Use Good Wireless Encryption:
WEP is not exactly “good” encryption. With a freely available tool like aircrack, you can sniff wireless traffic protected by WEP and crack security on that network in a matter of minutes.
WPA is the current, common encryption standard you should probably be using – though, of course, you should use something stronger as soon as it becomes available to you.
Technology is advancing every day, on both sides of the encryption arms race, after all.
4. Use Another Layer of Encryption When Possible:
Don’t just rely on wireless encryption to provide all your security on wireless networks. Other forms of encryption can improve the security of the systems on the network, even if someone happens to gain access to the network itself.
For instance, Open SSH is an excellent choice for providing secure communications between computers on the same network, as well as across the Internet.
Using encryption to protect your wireless network does not protect any communications that leave the network, so encryption schemes like SSL for dealing with e-commerce Websites is still of critical importance.
The fact you are using one type of encryption in no way suggests you should not be using other types of encryption as well.
Read: Google launches inactive account manager to manage your data after you die
5. Shut down the network when its not being used:
This bit of advice is even more dependent on specific circumstances than most of them. If you have the sort of network that does not need to be running twenty-four hours a day, seven days a week, you can reduce the availability of it to wifi hackers by turning it off when it isn’t in use.
While many of us run networks that never sleep, and cannot really put this suggestion into practice, it is worth mentioning if only because one of the greatest improvements for not getting your wifi hacked, is to simply turn it off. Its not possible to hack something that’s not there.
6. Shut down your wifi network interface, too:
If you have a mobile device such as a laptop that you carry around with you and use in public, you should have the wireless network interface turned off by default.
Only turn it on when you actually need to connect to a wireless network. The rest of the time, an active wireless network interface is nothing more than another wifi hacking vector for hackers to use as a target.
7. Don’t waste your time on ineffective wireless security measures:
Every now and then, I run across some technically deficient end user handing out free advice about wifi hacking security based on things overheard and half-understood.
Generally, this advice is merely useless, though often enough it can be downright harmful. The single most common bit of bad advice I hear from such people with regard to wireless networking is the admonition that when connecting to a public wireless network, such as in a coffee shop, you should only connect if the network uses wireless encryption, so that potential wifi hackers cannot see what you’re doing.
Sometimes these people get the advice half right, and recommend only connecting to networks protected by WPA – its half right only because WPA is the wireless encryption you should use, if you are going to use wireless encryption at all.
There is no point in trying to “protect” yourself by connecting to a public access point only if it uses encryption, however, because the fact that the encryption key will be handed out to anyone that asks for it completely obviates the supposed protection you expect.
Its a bit like locking the front door of the house, but leaving a big sign on the “wifi door” that says “The key is under the welcome mat,” which only protects against illiterate hackers.
If you want your network to be available to everyone that walks onto the premises, just leave it unencrypted, and if you need to connect to the Internet in some public location, don’t worry about encryption. In fact, if anything, the wireless encryption might more properly serve as a deterrent rather than an enticement to using that particular wireless network, because it reduces convenience without effectively improving security at all.
Most of the security tips one can offer about wireless networking are the sort of thing someone might call “common sense”. Unfortunately, there is an awful lot of “common sense” floating around out there, and its not easy to keep it all in mind all the time.
You should always check up on your wireless networks and mobile computers regularly to make sure you aren’t missing something important, and you should always double-check your assumptions to make sure you aren’t wasting your energy on something not only unnecessary, but entirely useless, when more effective security measures could use your attention.