When the first models of routers came out in 2005, users had hard time configuring security, partly because it was described as complicated, but also because people were not aware of the risks.
Today, you need to know that wireless connections carry their own, unique security risks. These fall into a range of categories:
– Piggybacking: other users can sneak on your connection to access the Internet, affecting performance and having full access to your network and files. This intrusion takes place when no authentication or encryption has been enabled.
– Session stealing: On wireless networks with no security, intruders on the same network can steal other users’ website sessions. New packet sniffing tools such as “Wireshark” make this task easy to do for even non-tech people.
– MAC spoofing: Hackers get the MAC (Media Access Control) address of your network and use it to gain access and intercept network traffic.
– Denial of service attack: A cyber criminal floods your network with requests and prevents its legitimate users from accessing the wireless network.
The old encryption standard WEP in wireless security has now been replaced by Wi-Fi Protected Access (WPA and WPA2), so as long as you set it up with secure passwords and hard to guess keys, the network connections you make should be pretty safe.
Other tips to secure home and small business wireless networks are the following:
– Change your wireless network SSID to something that will not associate the network ID with your business. Do not use dictionary names for that.
– Turn off SSID broadcast.
– Incorporate network-based authentication if your wireless network supports this.
– Consider connecting your wireless network to the Internet only, and require users to connect to your VPN to access the internal network.
– Reduce the number of IP addresses that the DHCP server releases: that way you will only need a number of IPs for your devices, and nobody else will be able to have iPs released from your router.
– Change the DNS settings in your wireless router: when every http or https request is made, the traffic will travel through cleaned servers that already have balcklisted IPs.
– Enable SPI Firewall that has the ability to filter unauthorized packets.
– Change the default Ip address of your router and its login. If, for example you leave your router with the default IP from the manufacturer, which can be 192.168.1.1 and admin as a user, you will fall prey of intruders.
Securing wireless networks nowadays is not complicated at all: what a good network engineer usually does is the customization of all the features of the router interface to avoid breaches into the network.