Basic and very important points about WiFi security
WiFi security

Basic and very important points about WiFi security

WiFi security

Important points about WiFi security  , because wireless communication is inherently less secure.


 WiFi security is   much more than just setting a password. By taking the time to learn and use advanced security measures, you can find a great way to better protect your network. Here are five tips for Wi-Fi network security   that are very important and effective.

Use an unusual or hidden network name ( SSID )

Service ID ( SSID ) is one of the mainstays of Wi-Fi network settings   . Although the name of the network does not seem to endanger security, it can undoubtedly help with vulnerabilities. Using an  SSID  that is too common, such as ” Wireless ” or the vendor default name, can cause personalized WPA  or  WPA2 security   to be compromised. This is because the encryption algorithm includes an  SSID  , and cracking glossaries   used by hackers are   loaded with the default SSID . Using one of these makes the hacker’s job easier.

(As we will see, one of the advantages of using enterprise mode is that networks that use WPA enterprise mode   or WPA2 security   are less vulnerable.)


“Call your network smart – something general, but not very common without revealing location”

However, we may choose the SSID name   very commonly, such as company name, address or license number, which may not be the best idea. Especially if your network is in or near one building. If hackers accidentally pass by you and  detect, for example, twelve different  Wi-Fi networks , they will probably identify one of the easiest ones to hack. It is also easier to find vulnerabilities in a crowded area.

 You may   disable SSID broadcast , which makes your network name invisible, but I do not recommend this. Forcing users to manually enter the  SSID , and the negative effects of application performance  prob  in  Wi-Fi , the benefits are usually not secured, a hacker with the right tools can be traffic from other network  SSID   will also be found.


Do not forget about physical security

Wireless security – or all network security in new and modern technologies is not summarized in the protocols. You can have the best encryption and still be vulnerable. Physical security is one of those vulnerabilities.

Multiple access points ( APs ) have a reset button that can be pressed to reset to factory defaults as well as remove Wi-Fi security   and allow anyone to communicate. That way,  APs  distributed throughout your system must be physically secure and also protected from spyware. Make sure they are always out of reach and use the locked mechanism by the AP vendor   to restrict physical access to the AP buttons   and ports. 

Another physical security concern about  Wi-Fi is  when someone   adds an unauthorized AP to the network, commonly referred to as a ”   rogue AP  “. This could be for legal reasons by an employee who wants to cover more  Wi-Fi  , or by an outsider trying to access the center.

To prevent this type of  AP  , make sure   to disable unused Ethernet ports (wall ports or loose Ethernets).

 You can physically remove ports or cables or disable that cable connection on the router or switch. Or if you really want to increase security, enable 802.1 X authentication  on the network, which requires support for your router or switch, so any device that connects to the Ethernet port must be logged in to access the network. Enter the login page.

The  WPA2  Enterprise authentication 802.1 X  use

One of the most effective security mechanisms  Wi-Fi  you put the organization in a secure  Wi-Fi  because each user individually authentication so that everyone can username and password  Wi-Fi  have their own. So if a laptop or mobile device is lost or stolen or an employee leaves the company, all that is needed is (change or cancel specific user information).

 (In personal mode, all users share a Wi-Fi password, so when devices are lost or your employees leave, you have to change the password on each device – with no hassle.)

 Another great advantage of enterprise mode is that each user has their own key. This means that users can only monitor their data traffic.

To put  APs  in enterprise mode, you must first  set up a RADIUS server  . This allows the user to authenticate. Connects to a database or directory (such as  Active Directory ) and retrieves each user’s usernames and passwords.

If you want a server  RADIUS  standalone install, it is important to check that other servers (like a Windows server) already provides this function or not, if not, a service  RADIUS  -based cloud or  Host  in Consider.

Also keep in mind that some wireless access points or controllers provide a basic base built into the RADIUS server   , but their performance and limited capabilities are usually useful for smaller networks.

“Using enterprise Wi-Fi security   , users need their own unique username and password when connecting.”


 Secure 802.1 X client settings

Like other security technologies, enterprise Wi-Fi mode   still has vulnerabilities. One of these attacks is  man-in-the-middle  . A hacker sitting in an airport or cafe or even outside the parking lot of a corporate office, one can create a   fake Wi-Fi network with the same   or similar SSID as the network trying to emulate; A  fake RADIUS server can record your login credentials when your laptop or device tries to connect  . The hacker can then use your login credentials to connect to a real  Wi-Fi network  .

One way to prevent man-in-the-middle attacks    with 802.1 X authentication  is to use server authentication on the client service. When server authentication is enabled on the wireless client, the client  will not transfer  their Wi-Fi login credentials to the  RADIUS server  until it communicates with a legitimate server. The ability to accurately verify the server and the requirements you can impose on customers vary depending on the client device or operating system.

For example, in Windows, you can enter the domain name of a legitimate server, select the server issuer certificate license, and then execute each new server license or certificate license. So if someone sets up a fake  Wi-Fi network  and RADIUS server   and you try to log in by mistake, Windows will stop you from connecting.

“When you adjust the settings to configure  EAP  connect  Wi-Fi , verification server features 802.1 X  Windows can not find.”


Use Rogue-AP detection   or wireless intrusion prevention

We’ve already looked at AP vulnerabilities in three scenarios  : where an attacker could set up a fake  Wi-Fi network  and a RADIUS server   ; Another that can  reset an  AP to factory defaults and a third, the person   himself can enter his personal AP into the network.

Any of these   unauthorized APs may be detected by IT staff for a long time if they are not properly protected. Therefore, it is a good idea to enable any Rogue-AP detection   provided by   your AP or wireless controller vendor. The exact method of detection and operation varies, but most of them at least periodically scan the airwaves and  warn you if a  new AP is detected within the permissible range.

A simple example is the identification of ” Rogue-AP  , using the  courtesy  of  Cisco  where you can browse the  AP  other area in your area.

The ability to detect more, some of the  AP   an intrusion detection system wireless full ( WIDS ) or system Ingress Protection ( WIPS ) offering that can range from attacks on wireless and suspicious activity associated with the  Rogue-AP  and Identify, which includes erroneous authentication requests, expired server requests, and misuse of the Mac address.

 In addition, if you use a   genuine WIPS that provides protection, not  WIDS  that only detects, it should be able to perform automated actions such as eliminating or blocking a suspected wireless client to protect the attacking network. .

If  your AP provider does  not have built-in anti-virus security features or   does not support WIPS , consider a third-party solution. You might look at sensor-based solutions that can monitor Wi-Fi performance   and security issues from companies like 7 SIGNAL ,  Cape Networks  and  NetBeez  .

Wi-Fi is  an entry point that hackers can use to access the network without getting inside your building, because wireless communication is much more vulnerable than wired networks, a feature that makes us Let’s be more careful about the security of our connection.

See Also Protecting companies against cyber threats

follow on facebook
follow on linkedin
follow on Reddit