Wireless Security 101

Wednesday, September 09, 2015

Jayson Wylie

54a9b7b662bfb0f0445d1661d7ed180b

I read a recent article of an intrusion into a star’s home wireless security reflects the importance of security of home wireless.

Not everyone is technology savvy and push to get something to function verses securing it to the extent that it should be.  Even though the latest wireless routers will use the more up-to-date security configurations, there are older setups that may not be adequate.

WEP, WPA or WPA2 can be used on most routers. A WEP password can be obtained in short time.  Never use WEP if all devices can negotiate a more secure method.  WPA and WPA2 have both personal and enterprise configurations. Enterprise is the most secure but requires a certificate to be used.

A simple password may be easier to use when setting up you end point or to give out to visitors but this means that a cyber surveyor would find it more accessible when trying to grab access to your network.  It is important to create a complex password for both the wireless network and the administration of the device.

A few tricks to implementing initial protection would be to create internal an HTTPS only administrative connection.  It is preferred to use a LAN only administrative connection. Always browse through the configurations when setting the point’s security.  This allows familiarization with the settings and the ability to use the full functionality.

More recent routers have a Guest access partition.  The Guest network can give access to HTTP and HTTPS protocols without having direct access to the local network.  This doesn’t mean the security should be open or have simple security criteria.

Most modern routers have MAC address filtering and this is highly recommended.  It requires a little more effort but controls the devices that can connect to the network from the administrative port.  Potential intruders will not be able to connect even if the password is determined.  Some recommend not broadcasting the network but it can be picked up from an AP scanner anyway.

IP routers can use IPv4 or v6 addressing.  I disable the v6 function but if the v6 firewall should be specified when using the addressing.  AT&T Universe Routers have a highly configurable firewall and can augment security by not allowing different routes between the LAN and WAN ports.

Make sure you enable logging and back up the configuration if possible.  Maintain record of the device MACs that are connecting and let someone know if you suspect someone of jacking your router for nefarious purposes. Do your best to keep your wireless reuter's firmware up to date to address any security vulnerabilities.

Possibly Related Articles:
18171
General General Network->General Security Awareness
Wireless WiFi Security WEP Reuters
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.