Setting up a new wireless router, or seeking to better secure your existing Wi-Fi? Perusing the Internet will provide you with all sorts of information on the "necessary" steps required for protecting wireless networks, but some of the advice you will find may result in a complications and instill a false sense of security, according to analyst Chris Hoffman, who sought to debunk some of the most prevalent myths about Wi-Fi security in a recent article.
One of the most widely held beliefs is that users need to take advantage of the option to hide a wireless network’s SSID, which Hoffman says is a complete waste of time. Hiding a network's SSID does not provide added protection, but instead creates a condition where your devices will be announcing the network's name as they search to see if they are in range of the router.
Hoffman says that monitoring tools available can readily detect the SSID from these attempts to locate your network, so opting to hide the network's name provides no added protections against intrusions.
"Even when you’re on the other side of your country, your laptop will have no idea if your network is nearby and it will continue trying to find it. These broadcasts will allow people nearby to determine your network’s SSID," Hoffman wrote.
Filtering by MAC Address
Media Access Control, or MAC addresses, are identifiers unique to every device that connects to a wireless network. One common piece of advice offered for protecting Wi-Fi systems is to restrict access to the network based on MAC addresses of authorized devices. Hoffman says this technique is useful for making the network more difficult to connect to - especially for newly obtained devices or those of welcome guests attempting to use your wireless connection - but ultimately provides no additional security for the network.
"People within range of your network can sniff your Wi-Fi traffic and view the MAC addresses of the computers connecting. They can then easily change their computer’s MAC address to an allowed MAC address and connect to your network," Hoffman said.
Using Static IP Addresses
In addition to the notion that hiding SSIDs and filtering by MAC address are essential to Wi-Fi security, Hoffman points out that many believe using static IP addresses is a necessary precaution. Routers automatically assign an IP address to devices when they connect to the network. By disabling this option, users attempting to connect to a network would be required to manually enter an IP address for the device, but Hoffman says this does nothing to prevent unauthorized access.
"There’s no point in doing this. If someone can connect to the wireless network, it’s trivial for them to set a static IP address on their computer. In addition to being extremely ineffective, this will make connecting devices to the network more of a hassle," Hoffman wrote.
WPA2 Encryption and Strong Passwords are Essential
So what does work to secure your Wi-Fi? Hoffman suggests it's as simple as using the right encryption option in conjunction with a strong password. Most routers offer the choice of using WEP as an option to accommodate older devices, but the outdated encryption protocol can be cracked with little effort.
Hoffman recommends enabling the WPA2 encryption option to properly secure the wireless network, but this will only be effective if the user also chooses a very strong password or passphrase with at least 15-20 characters, as opposed to the default minimum of eight characters. These two factors are the key to securing your Wi-F, and will prevent headaches when attempting to access the network with new devices, or from those of an authorized guest. Pretty simple, straight-forward advice.
"Assuming you’re using WPA2 with a strong password, you’re all set. You don’t have to put up with the hassle of hidden SSIDs, MAC address filtering, and static IP addresses to secure your network," Hoffman concluded.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us