REDLEGG BLOG

Securing Wireless Networks

Mar 13, 2018 2:01:01 PM  |  by Phil Grimes

This week, we want to talk about securing Wireless Networks. Wireless communications have become nearly ubiquitous, but despite the rapped growth of their acceptance, the knowledge to secure those networks has been greatly ignored. We still see many home networks today that are using default configurations. Many vendors have been making their built-in security stronger, but these should still be considered a starting point and not considered the goal for wireless network security.

For the home user, there are normally three options to configure wireless network security:

Open

This isn’t security at all and is an unencrypted wireless access point where anyone can connect to the network. This should never be used for regular home usage or any other network where you expect to normally send sensitive information.

WEP

Short for wired-equivalent privacy, this older standard can easily be broken by someone merely monitoring the network over time. The handshake and encryption method used is extremely weak. This method should not be used.

WPA/WPA2

Multiple methods of authentication exist; however, the primary method available for most home users is pre-shared key. This is a passphrase used by each client connected to the network and perform the encryption handshake. It is important the pre-shared key is of a sufficient strength to minimize risk of brute force and hash cracking attacks.

What is a sufficiently strong pre-shared key? If we look at current standard for passwords, the goal is more about length then character complexity. Phrases are a good place to start. A complex sense with 16+ characters would be sufficient to minimize risk from most attack methods against pre-shared keys.

Even with strong pre-shared keys, there are other features that can weaken network security. WiFi Protected Setup (WPS) was created to simplify the process of connecting new devices to the network. This method often involves simply pushing a button on each device and following the steps to authenticate. This method relies on a simple PIN method to authenticate and is prone to its own weakness. My general guidance to anyone is to turn off WPS. Any ease in setting up a new device is minimized by the increased risk to your network.

Finally, we want to briefly mention, while it will not harm your network security, it is not a security measure to use hidden SSIDs. It is a relatively trivial task to unmask these values and determine the name of the hidden networks.

Subscribe to Our Blog

Follow everything RedLegg as we provide comprehensive solutions for real-world data protection and security challenges.

Recent Articles

Two Data points is a trend. Three Data points is a story

Two Data points is a trend. Three Data points is a story

Data is the building block of everything we see and do in the Digital Age. But our reliance on data goes beyond that. ...
Top 5 Benefits to Hiring a vCISO (Virtual Chief Information Security Officer) blog

Top 5 Benefits to Hiring a vCISO (Virtual Chief Information Security Officer)

Every day, there seems to be a news story about the latest data security breach. Guarding the privacy of company ...