Home and Office Wi-Fi Security
...Initial router configurations are often set for convenience and not security, so it is recommended to take a moment to change some default settings.
Home and Office Wi-Fi Security
0
By Ops Tech Alliance Security Technology June 17, 2020

It’s Important Because It’s Everywhere

Wi-Fi is an interesting topic because it’s everywhere and it’s become vitally important for most people in their daily lives, but often there are some security or quality concerns many users don’t consider. The following is the first in a series of blogs focused on Wi-Fi, and will cover home and office Wi-Fi tips to help improve security and privacy on small, locally managed networks. There are dozens of affordable and open source tools available that enable relatively low-skilled “hackers” to attack, jam, or collect data from Small Office Home Office (SOHO) Wi-Fi routers. These are just a few tips that can help your network from being the “low-hanging fruit” these script-kiddies often target. 

How to Improve Wi-Fi Security and Privacy

  • Update firmware – When installing a new wireless router, it’s generally a good idea to check for updates to the firmware. These updates are released to address security and performance issues for older builds, so skipping an update could leave you vulnerable to identified attacks, or your SOHO router could be missing  out on the newest features that were released since it was purchased.

 

  • Change the default settings – Out of the box, your new router will probably just work. Manufactures want to ensure consumers can easily plug it in and start streaming cat videos immediately. The initial router configurations are often set for convenience and not necessarily security, so it is recommended to take a moment to change some default settings. Here’s a short list of minor changes to improve your Wi-Fi security posture:
    • Add a complex administrative password – default passwords are common knowledge and can be found all over the Internet. Take a moment to secure your router so visitors on your Wi-Fi network cannot access your management dashboard.
    • Upgrade to HTTPS – Home Wi-Fi routers are often managed through a built-in web server where Users can make configuration changes. Often, these web servers are set to HTTP but can be upgraded to use HTTPS, providing additional protection against sniffing or collection attacks while accessing the management dashboard.
    • Consider changing your default Service Set Identification (SSID) – The SSID is basically the name of your Wi-Fi network. Your SSID should be somewhat unique, to help prevent popular Rainbow Table attacks, while at the same time it should avoid grabbing unnecessary attention ( e.g. “FBI Surveillance Van”). Find a happy medium that your family and visitors can identify and remember.
    • Don’t hide! – Many Wi-Fi routers allow you to hide, cloak, or disable broadcasting your SSID. This does little to add security to you network while it could pique the interest of  script-kiddies eager to discover your hidden SSID.
    • For each Service Set Identification (SSID) or network, add a complex passphrase and change it often – At home, we use an SSID for the smart devices (TVs, Roomba, etc.) that has an impossibly long and complex passphrae that I seldom change. For our daily devices (laptops, tablets, etc.), we use a separate SSID with a more user-friendly passphrase that I update more often.  
    • Disable Wi-Fi Protected Set-up (WPS) – WPS was intended as a literal easy-button for connecting and authenticating to a wireless network. Unfortunately, WPS had a disastrous roll-out due to short key implementation and while it was fixed, still leaves an unnecessary attack vector open. It is just easier to disable and ignore.
    • Change your network’s security to Wi-Fi Protected Access (WPA) 2 or WPA3, if available. There are known attacks against WPA2 (which is why that complex passphrase is so important),  but if WPA3 is unavailable, WPA2 is the next best thing.
      • Vendors provide different options and names for Wi-Fi security and encryption. Unless you’re using some type of Enterprise authentication solution (e.g. RADIUS), you’ll want the option for “Personal” WPA2/3.
      • Also, if there’s an option to choose a cipher suite, select GCMP for WPA3 or AES for WPA2. 
    • Enable Management Frame Protection (IEEE 802.11w) – While not always available, this option defends against outside attackers injecting malicious data into the network(e.g. deauthentication or replay attacks).
    • Create a guest network/SSID – Most modern vendors offer a guest network option that prevents visitors from interacting directly with other devices on the network and from attempting to connect to the administrative dashboard.  Users can still browse the Internet within this walled garden but they’re restricted from doing much else.
    • Consider lowering transmit or output power – It is nice to get Wi-Fi in the farthest corner of your house, but how much further outside the walls is that signal penetrating? Unmanaged, a Wi-Fi signal can continue clear onto the next apartment or house, which means your streaming videos and Internet searches are being shouted  into the ether for anyone to hear and potentially sniff or collect. Granted, the actual data is encrypted (since you hopefully set up WPA2 or WPA3) but why add the risk? Most businesses do not leave unattended Ethernet cables lying around their parking lots, and front lawns…think of Wi-Fi as the same thing and keep it indoors. 

 

  • Consider router placement – Similar to output power, is the router ideally placed to reach within your home where you need? If not located centrally, is it penetrating the walls deep enough that your neighbors can see your networks? Maybe directional antennas could keep the signal from bleeding outside, or a meshed network of smaller routers and access points would provide manageable coverage that serves the whole home with Wi-Fi without much bleed over.

 

  • Set timing restrictions – Some SOHO routers include settings that will disable access during specific time periods. This is useful for disabling WiFi access to small offices during non-office hours and weekends.

This is just a short list of best practices for securing Wi-Fi at home and at work. In the future, we’ll discuss multi-band operations, mode and bandwidth selection, and other SOHO router configurations to help improve Quality of Service for small networks.

Related Posts

The Anatomy of the 2020 Twitter Hack

This hack has been called “the worst hack of a social media platform yet”….

0
22 Oct 2020
Webcam Security is More Important Than You Think

Since your webcam is likely in an area that you spend a lot of time, hackers can gain a great deal of information about you….

0
18 Nov 2021
Browser Hardening for Privacy and Security

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
21 May 2020
Stop Using Weak Passwords

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
03 Jun 2020
Protecting Your Privacy Using a Travel Router

Learn how to protect your information and devices from prying eyes while connecting to WiFi during travel….

0
01 Jun 2022
A Different Kind of Zombie Apocalypse

Someone else has the keys to your device, and they’re driving…

0
15 Oct 2020
Protect Your Data In The Cloud and On Your Computer with Cryptomator

Fortunately, Cryptomator makes it easy to quickly and securely encrypt data so users can have peace of mind that these cloud services cannot view or monetize their personal information….

0
01 Apr 2022
Securing The Internet Of Things

It may seem harmless for a hacker to steal control of your refrigerator, but there are ways it can be valuable to them…..

0
07 Jan 2021
Hiding In Plain Sight – Steganography and Polyglot Files

Unlike with cryptography, steganography messages are readable to anyone with the tools to find them…..

0
22 Jul 2021
Cloud Infrastructure Overview

Although cloud infrastructure is often referred to as “the cloud”, it is not a singular entity….

0
19 Nov 2020
Big Data & Artificial Intelligence

Lorem Ipsum. Proin gravida nibh vel velit auctor aliquet. Aenean sollicitudin, lorem quis bibendum auctor, nisi elit consequat ipsum, nec sagittis sem nibh id elit. Duis sed odio sit amet nibh vulputate cursus a sit amet mauris.

0
10 Jun 2020
Protect Your MFA Codes From Bots

The rise of these bot services is alarming because it shows a flaw in how services use MFA….

0
07 Oct 2021
The Growing Threat Of Ransomware

The bad news is you are increasingly likely to be the victim of a different kind of hostage situation….

0
10 Jun 2021
Passwords And Alternate Authentication Methods

Attackers understand that many users reuse passwords and often use bad passwords….

0
23 Sep 2020
Travel Safety

Do you want a foreign government or the thief who steals your wallet or purse to have pictures of your family, along with your drivers license that has your address?

0
01 Jul 2020

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.