The security of a WI-FI network is an issue that has to be dealt with by everybody who is concerned about the risk of the loss of data which is transmitted or shared with the help of a network. The Wi-Fi signal is transmitted through airwaves and thus can be intercepted by anybody who is located within its reach. This reach does not even have to be direct, i.e. if a directional antenna is used, a Wi-Fi network may be accessed even from several kilometres away, even if this exceeds the reach of your network. If the network is unsecured, its reach does extend way beyond the walls of one´s office. TIP: Find out how to create a wireless network
It is very simple to attack an unsecured wireless network and it exposes the unwitting owner of the network to many risks and unwanted consequences. This does not just concern potential loss of data or important company or personal information. The attacker can listen in to your communication, access any shared files and can even control individual computers or other equipment. The intruder can access the internet and use your connections or even take on your identity and commit a criminal act in your name, whereas the responsibility for this would be borne by the owner of the network and the computer equipment.
How then, can you secure a WI-FI network and avoid all these security risks? The basis of protection is the proper knowledge of the principles of wireless connections. There exist several forms of protection and it is recommended to use of combination of them to lower the probability of an unauthorised entry into the network and a successful attack.
Encryption of wireless network access
Encryption is unequivocally the most fundamental, best and basic way of securing a wireless network. If it is activated it ciphers all communication which takes place in your network. Without the knowledge or the capture of the encryption code it is impossible to get into the network. There exist a number of encryption protocols and it´s completely up to the user which one to select. WPA2 seems to be the most recommended one, nevertheless.
- Open – unencrypted access, anybody can connect to the network at any time
- WEP (Wired Equivalent Privacy) – somewhat outdated, has been broken and can easily be overcome; thus it is not really recommended (unless it concerns older equipment for which it is the only option)
- WPA (Wi-Fi Protected Access) – frequently used, hard to break encrypting protocol
- WPA2 (Wi-Fi Protected Access 2) – the strongest encrypting protocol, when used together with strong and long password it is unbreakable under normal conditions, sufficient and recommended protection
Password: A good password is just as important as a proper encrypting protocol. A good password is long, contains both symbols, capital and lower case letters as well as numbers; e.g. 642seCuRewiFI4573 ). The recommended length of a secure password is 15+ marks. When a strong password is used, the encryption protocol WPA2-AES is considered unbreakable under normal conditions and thus considered safe.
Filtering of MAC addresses
Every device which connects into a computer network has its own unique address, the so-called MAC address which may look like e.g. 42:61:8d:b1:82:c6. Most Wi-Fi routers allow their users to determine whether to admit all MAC addresses or only those which have been entered into a special address book. The setting up of such an address book lowers the risk of the admission of an unknown device into the network; however, experienced hackers know how to falsify a MAC address, rendering the filtering of MAC addresses in fact an ineffective safety tool. It is also takes quite a bit of maintenance (as the MAC address book has to be kept up to date) and therefore only to be recommended for wireless networks which have their constant and stable number of users.
Preventing the identification of the network (SSID)
Another method of network protection which is effective against more simple attacks or in keeping unwanted guests to hook onto the network in highly populated areas (where there may be a large number of Wi-Fi networks) is the blocking of your networks visibility in the list of identified networks which shows itself to users who try to connect to a network. With this protection in place, your network will not show up on such a list, but experienced hackers will know how to circumvent this protection as well and how to find out your SSID.
Change of access name and password
This may seem very trivial, but nothing is easier than changing your access name and password for access to the configuration of the wireless device (router, access point). It is recommended to change the pre-set factory setting which is usually admin / admin. If a hacker should get into the internal network, a changed password guarantees that he will not get complete control over the device and thus over your entire network. Additionally, it is possible to change the IP address of the router (the default set by the manufacturer is usually 192.168.1.1., this can be changed to e.g. 184.108.40.206) , which will make it more difficult for the hacker to find it.
Creation of a virtual private network (VPN)
The creation of a VPN can provide an above/standard level of protection. It does not provide direct protection or security to a wireless network, but it can be set up over or inside any network. The combination of encrypted access and a VPN makes a network secure from unwanted intruders.
Our recommendation for the provision of security for a Wi-Fi network is as follows:
- essential - encryption of network (the best is WPA2)
- optional but recommended - hidden ID (SSID) of your network
- optional - change the access code and password of your wireless device (router or access point) on which you are basing your network
- optional - change the IP address of your router
Additional helpful tips:
- How to create a company network
- how to create a wireless computer network