Wi-Fi Security: How To Turn Your Wireless Network Into a Fortress | Antivirus Software

Regardless of whether you operate a private or an internal company network, the desire for security is the top priority. Due to their nature, traditional networks with lines and cables offer a certain level of protection against external attacks: Without physical access to the lines, which logically run within a building, strangers cannot easily eavesdrop or read or access data.




However, anyone who wants to use the practical possibilities of a wireless network has to contend with a significantly greater security problem. The transmission medium here is not a cable but free space, and the range is determined not by the length of a cable but by the strength of the radio signals. If a device in the wireless local network - better known as WLAN - sends data, a spy only needs a receiving device that is within range of the radio signals sent. It is therefore important to ensure good WLAN security so that you can use the wireless communication path without hesitation.

What is a WLAN Actually?

WLAN stands for Wireless Local Area Network, or wireless LAN for short. This type of networking is mainly used where cabling the network devices is not possible, or is difficult to implement and involves a lot of effort. However, a wireless LAN can also exist purely for reasons of convenience. Wireless connections are particularly widespread in the private sector. Here, WLANs represent an excellent solution for providing Internet access throughout the entire living area without laying various cables. Wireless networks are also useful in offices, especially when a large number of portable devices such as laptops, tablets, or smartphones are in use.

There are three different modes of operating wireless networks:

  • Infrastructure Mode: The structure of this mode is similar to the cellular network. A wireless access point takes over the coordination of all network participants and, at adjustable intervals, sends them small data packets with information about the network name, the supported transmission rates, or the type of encryption. The access point is often a router.
  • Wireless Distribution System: Since WLANs use the same type of addressing as Ethernet, you can easily establish connections to wired networks (or other wireless networks) via the access point. This is how you link these networks and, for example, increase the range, which is why we speak of a wireless distribution system.
  • Ad-hoc Mode: In ad-hoc networks, there is no central control instance, so the respective end devices have to take over the coordination. These networks are used for fast, direct communication between individual participants. However, this WLAN mode is not really widespread - alternative technologies such as Bluetooth are much more common.

These Are the Weak Points of Wireless Networks

The framework for communication in radio networks is specified in IEEE 802.11 by the Institute of Electrical and Electronics Engineers (IEEE) near New York. In the beginning, however, little emphasis was placed on security when defining the WLAN standards: unencrypted transmission and no need for user authentication gave anyone within range access to the wireless network. The demand for WLAN security measures ultimately favored the development of the following encryption and authentication methods:

  • Wired Equivalent Privacy (WEP): WEP is the oldest standard for WLAN encryption and dates back to 1997. It offers the two authentication methods Open System Authentication (all clients are activated) and Shared Key Authentication (activation by password). WEP also includes the RC4 encryption method. Due to various vulnerabilities, WEP is now considered insecure and out of date.
  • Wi-Fi Protected Access (WPA): WPA is based on the WEP architecture and was developed to eliminate the weak points of that procedure. To ensure this, WPA works with a dynamic key based on the Temporal Key Integrity Protocol (TKIP). Since WPA also has certain security deficits, new wireless access points (since 2011) and all WLAN-enabled devices (since 2012) are no longer officially allowed to support this protocol.
  • Wi-Fi Protected Access 2 (WPA2): With the IEEE 802.11i standard in 2004, the currently most secure WLAN encryption and authentication method WPA2 appeared. Instead of TKIP, WPA2 uses the much more modern AES encryption method. For this reason, when setting up a WLAN, you should always prefer WPA2 to the older WEP and WPA standards.
  • Wi-Fi Protected Setup (WPS): The standard WPS is not a transmission or encryption technology, but an automatic configuration that is intended to facilitate the WLAN configuration of new network participants. Authentication takes place at the push of a button (WPS-PBC) - physically at the access point or virtually via a button implemented by software - or by entering a PIN (WPS-PIN). Alternatively, there is the option of exchanging the network settings via USB stick or via NFC (short-range radio technology).

Although WEP and WPA have a legitimate, more secure successor with WPA2, some operators still use these outdated standards - provided they are supported by the wireless access point - to encrypt their WLAN. Whether this happens unintentionally or for reasons of compatibility (to allow access to older devices) is irrelevant. One thing is clear: Such networks are exposed to a greatly increased risk of unauthorized access - this negligence is one of the main reasons for the critical assessment of WLAN security. Other errors that invite attackers and thus doom many wireless network operators include:

  • adopting the standard user names and passwords of wireless access points
  • adopting insecure basic configurations of the wireless access point
  • using incorrect implementations of WPA2 and WPS

Also, despite the standard WLAN security measures taken, wireless networks are susceptible to ordinary DoS or DDoS attacks as well as to so-called evil twin attacks. In the latter case, attackers use special firmware to smuggle a fake wireless access point into the network, which the network participants then mistake for the actual access point and contact. The Evil Twin reacts by asking for authentication and receives the access data for the WLAN from the unsuspecting network device. It also takes over the MAC address of the client (MAC spoofing) and thus has all the data necessary to establish the connection. Publicly accessible WLANs in particular are threatened by this attack method.
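One way to notice a fake access point from the defender's side is to compare what a scan sees against the access points you actually operate. The following is an added example, not part of the original article; the inventory, the scan records and their field names are constructed, and it assumes your access points use fixed channels.

```python
"""Compare a Wi-Fi scan against the list of access points you actually operate."""

# Constructed inventory: SSID -> {BSSID: (channel, security mode)}.
INVENTORY = {
    "net-4417": {"02:00:00:aa:bb:01": (1, "WPA2"),
                 "02:00:00:aa:bb:02": (11, "WPA2")},
}


def find_suspect_aps(scan, inventory=INVENTORY):
    """Return (bssid, reason) for every beacon that uses our SSID but looks foreign."""
    alerts = []
    for ap in scan:
        own = inventory.get(ap["ssid"])
        if own is None:
            continue                      # someone else's network name
        bssid = ap["bssid"].lower()
        if bssid not in own:
            alerts.append((bssid, "unknown BSSID advertises our SSID"))
            continue
        channel, security = own[bssid]
        if ap["security"] != security:    # e.g. our name offered without encryption
            alerts.append((bssid, f"security is {ap['security']}, expected {security}"))
        if ap["channel"] != channel:      # known address on a channel we never set
            alerts.append((bssid, f"seen on channel {ap['channel']}, expected {channel}"))
    return alerts


# Constructed scan results, as they might be parsed from a wireless scanner's output.
SCAN = [
    {"ssid": "net-4417", "bssid": "02:00:00:AA:BB:01", "channel": 1, "security": "WPA2"},
    {"ssid": "net-4417", "bssid": "02:00:00:cc:dd:09", "channel": 6, "security": "Open"},
    {"ssid": "net-4417", "bssid": "02:00:00:aa:bb:02", "channel": 6, "security": "WPA2"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:ee:ff:03", "channel": 3, "security": "WPA2"},
]

if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(SCAN):
        print(f"ALERT {bssid}: {reason}")
```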

Making WLAN Secure: A Question of Consistency

The listed weaknesses show how important it is to deal with the various possibilities of WLAN security. Anyone who assumes that a firewall and a secret password provide optimal protection will quickly be convinced of the opposite in the event of a targeted attack. There is more to the comprehensive protection of wireless networks than switching on a router, a five-minute setup, and the search for a secret word that should not be easy to guess, but also not too difficult to enter. The more careful you are with the configuration and the subsequent administration, the more secure your network will later be.

The basis of WLAN security: the correct configuration of the wireless access point

As the central control unit of the network, the wireless access point - usually a router - is also the crucial piece of the puzzle for its security. More precisely, the settings you make for this hardware component determine whether an attacker can gain access to your WLAN within a few seconds or whether it remains merely an attempt. These are the most important configuration steps:

Step 1: Create an Individual Administrator Access

So that an access point can be configured, so-called firmware runs on it, which presents you with a user interface in any normal Internet browser as soon as you call up the IP address of the access point. This interface is accessed via an administrator account for which a standard user name and password exist. These login data are not individual, but are the same for all devices of the respective model and also very simple, e.g. "admin" (password and username) or "1234". Therefore, assign your own login data for the administrator account right at the beginning of the configuration. You can write them down and keep them in a safe place, but you should never store them on your computer without a suitable password manager.

Step 2: Select WPA2 as The Encryption Method

To encrypt your WLAN, you should definitely choose WPA2, as the two predecessors WPA and WEP are out of date, as mentioned, and their use means an increased security risk. The combination options “WPA / WPA2” or “mixed” are also not recommended. Instead, plan on using network devices that support WPA2 and do not rely on the old encryption methods. If you are working with the WPS automatic configuration, you should only switch it on when it is required.

Step 3: Create a Secure Wi-Fi Password

So far, only password attacks have been known for WPA2; brute-force attacks and dictionary attacks in particular are very popular with cybercriminals. The value of a complex WLAN password therefore cannot be rated highly enough. The best way to counter the decryption algorithms and word lists of the tools used is to set up a WLAN key that consists of as many characters as possible, using upper and lower case letters as well as numbers and special characters. Also, avoid meaningful words and distribute the characters randomly. You can also keep the WLAN password in paper form in a safe place; a digital storage location, however, is not advisable.

Step 4: Provide an Unidentifiable Network Name

A WLAN security measure that primarily serves your personal protection is the formulation of a Service Set Identifier (SSID) that cannot be traced back to you. The SSID represents the name of your network and is presented to everyone within the signal range. If you are not currently operating a public hotspot, you should therefore avoid personal information that identifies yourself, your company, or your location. Many see a security upgrade in hiding the WLAN name (Hidden SSID). However, this technology does not represent too high a hurdle for attackers and also makes it difficult for the authorized clients to establish a connection. If you hide the SSID of your WiFi, it can even happen that some devices no longer see the access point and consequently cannot establish a connection.

Step 5: Activate the Automatic Firmware Update

For general WLAN security, the firmware of the wireless access point must always be up to date. As with any software, attackers can take advantage of any security gaps they have discovered, for example to obtain administrator rights or smuggle in malware. Some access points have an automatic update function for the installed firmware, which you can activate without hesitation. If not, you should check regularly to see if there are any updates for your device, and then download and install them manually.
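The five steps above can be turned into a repeatable check. The following is an added example, not part of the original article: it audits a configuration dictionary whose keys are hypothetical (map them to whatever your device exports), the two sample configurations are constructed, and the 20-character minimum is an assumed local policy.

```python
"""Audit an access point configuration against the article's five setup steps."""
import string

DEFAULT_PASSWORDS = {"admin", "1234"}      # factory values named in the article
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)

def passphrase_issues(psk, min_len=20):
    """Return reasons why a WPA2 pre-shared key is weak (empty list = fine)."""
    issues = []
    if not 8 <= len(psk) <= 63:            # length limits of a WPA2 passphrase
        issues.append("passphrase must be 8-63 characters")
    elif len(psk) < min_len:               # min_len is an assumed local policy
        issues.append(f"passphrase shorter than {min_len} characters")
    used = sum(any(ch in cls for ch in psk) for cls in CHAR_CLASSES)
    if used < 4:
        issues.append(f"passphrase uses only {used} of 4 character classes")
    return issues

def audit(cfg, identifying_terms=()):
    """Check one config dict; return a list of (step, finding) tuples."""
    findings = []
    if cfg["admin_password"] in DEFAULT_PASSWORDS:
        findings.append((1, "administrator account still uses a factory password"))
    if cfg["encryption"] != "WPA2":        # rejects WEP, WPA and WPA/WPA2 mixed
        findings.append((2, f"encryption is {cfg['encryption']}, not WPA2 only"))
    if cfg["wps_enabled"]:
        findings.append((2, "WPS is enabled; switch it on only when required"))
    findings += [(3, issue) for issue in passphrase_issues(cfg["psk"])]
    hits = [t for t in identifying_terms if t.lower() in cfg["ssid"].lower()]
    if hits:
        findings.append((4, f"SSID reveals: {', '.join(hits)}"))
    if not cfg["firmware_auto_update"]:
        findings.append((5, "automatic firmware update is off"))
    return findings

# Constructed sample configurations (not taken from any real device).
WEAK = {"admin_password": "1234", "encryption": "WPA/WPA2", "wps_enabled": True,
        "psk": "sunshine2020", "ssid": "Miller-Dental-Office",
        "firmware_auto_update": False}
HARDENED = {"admin_password": "k7#Vq!2mZp_9xLw4", "encryption": "WPA2",
            "wps_enabled": False, "psk": "t9$Gh2!rLq8@Zx4&Wm6^Bn1*",
            "ssid": "net-4417", "firmware_auto_update": True}

if __name__ == "__main__":
    for step, finding in audit(WEAK, identifying_terms=("Miller", "Dental")):
        print(f"Step {step}: {finding}")
```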

Other Useful WLAN Security Measures

If you have configured your wireless access point accordingly, your wireless network is already properly protected. However, depending on the intended use, there are various tasks to be performed even after it is set up. Since the majority of all WLANs are connected to another network - mostly to the Internet - you should definitely set up the firewall included in the access point or your own firewall to filter out unwanted connections. It also makes sense to consider using an intrusion detection or intrusion prevention system to detect and prevent attacks at an early stage.

If you want to give customers access to the Internet via WLAN, you should always work with a separate SSID, which you create and configure in addition to your workplace WLAN or LAN. In any case, as the operator of the radio network, you are jointly responsible for the type of use of the connection; any copyright infringement can quickly fall back on you. To be on the safe side, you should therefore keep an eye on the use of the bandwidth and block dubious websites in the router settings.

If you operate a WLAN in a professional environment, regular security tests using specific tools are of great benefit. In this way, you can simulate common hacker attacks and find out whether your WLAN security measures are effective. Here too - as for the entire process of WLAN security - the principle applies: the more conscientiously and thoroughly you proceed, the better. Make the effort and

  • configure your wireless access point carefully,
  • install additional security components such as IEEE 802.1X, a firewall or an intrusion detection system,
  • operate work and guest networks separately,
  • and regularly check that the network components are up to date and perform well.

This turns access to your WLAN into a wall that is difficult to overcome for attackers. To protect your work you should install antivirus software.
