Around the millennium, when 802.11 was ratified, any measure of security was enough; just having an SSID that was closed was “security”. Then came WEP to stop unauthorized access; however, that was soon cracked. That is why the IEEE and the Wi-Fi Alliance devised Wi-Fi Protected Access (WPA).
Protecting WLANs (Wireless Local Area Networks) should be a chief concern. Learning how to protect your wireless networks from cybercriminals is a wise investment of your time and energy. There are some easy things to do to reduce your risk, remediate vulnerabilities, and protect your users and their data. It is not easy staying vigilant, but it is important. It takes time and energy to manage your wireless network correctly.
In this blog, you will learn a defense-in-depth strategy to protect you and your corporate assets and reduce risk. The article approaches each security measure in relation to the OSI (Open System Interconnect) model. Use the steps below, as appropriate, to enhance the security of your company’s wireless network.
L1 PHYSICAL: Turn off the wireless network when not necessary
Shutting down for periods may or may not be feasible for your business operations. In a business that runs 24×7, this is obviously not an option. However, if you are able to do so, then power down. It is the only measure that makes an attack impossible. If you can shut down any computers, do this as well; shutting down individual devices limits their exposure to risk. Beyond security, there are other benefits. It is green: you save energy and reduce RF (Radio Frequency) noise (both Radio Frequency Interference and Electro-Magnetic Interference). By shutting down every wireless device possible, you also reduce the devices’ chances of taking a power hit, such as a surge or dip, that could compromise the operation of the device or its critical data.
L1 PHYSICAL: Reduce RF bleed by “burying” APs in the interior of your space
This is an often-overlooked security strategy. By placing APs (Access Points) away from the exterior of your building, you are using the building materials to attenuate the signal. The more difficult it is to “see” your SSID (Service Set Identifier), the more difficult it is to attack it. Not only is this good for security, but it is also good for performance, as outside probes will not be added to the RF traffic as superfluous contention. As with the previous measure, this strategy may not be appropriate for your specific site or business model. Imagine a company wants to provide coverage to an outdoor area; it is common to place APs on exterior walls near the outdoor space. This way the adjacent exterior areas benefit from the RF bleed. Only place APs on exterior walls as needed.
L2 LLC: Do not use default SSIDs and make sure they are ambiguous
Selection of your SSID is important. If you broadcast the SSID, you may want it to be meaningful to your audience, but not to outsiders. Do not make it easy for outsiders to determine which business the WLAN serves. Keep the SSID ambiguous to the typical passerby. Additionally, never use a default SSID issued by the manufacturer. If you did use a default SSID, you would be giving away information about the underlying wireless infrastructure. If you want to take things one step further, create a dummy SSID that is sent to a “black hole” (a dead end of sorts for traffic). This SSID will act as a honeypot. You can also entice a hacker to attach to the honeypot SSID by using a name that makes it interesting to said hacker. This honeypot can distract the hacker from your critical SSID and hopefully frustrate him into moving on to an easier target.
L2 MAC: Make sure you use WPA2 Enterprise (802.1x); if this is not possible, set a strong and unique passphrase (PSK)
802.11 WLANs offer several flavors of encryption. WEP, WPA, and WPA2 are the encryption standards presently available; WPA3 is an emerging standard. WPA2 (Wi-Fi Protected Access, 2nd generation) is a security protocol and a current standard in the industry; today WPA2 networks are the most common ones in use. WPA2 encrypts traffic on Wi-Fi networks. It also replaces older and less secure standards such as its predecessor WPA (Wi-Fi Protected Access). Both WPA and WPA2 displaced WEP (Wired Equivalent Privacy), and since 2006, all Wi-Fi certified products offer WPA2 security.
L3 NETWORK: Change the default IP address and credentials on your Wireless products
If you continue to use the default IP subnet and IP address for a wireless device, you will be making hackers’ jobs easier. Change the IP subnetwork whenever possible. Always change the default IP addresses of your wireless access points and routers. A skilled hacker can ascertain this information, but why make it easier for him, or entice novice hackers by giving them an easy place to start their network reconnaissance?
Most wireless devices come pre-set with a default username and password, which one uses to connect to and install your devices. This makes interaction easy but also makes it easy for others to guess credentials. Make sure both the username and password are changed. A good password should be at least 20 characters long and include numbers, letters, and various symbols. Keeping passwords a secret is critical. One way to do this is to change them at a regular interval in case they are compromised.
L3 NETWORK: Consider turning off DHCP if possible
It may or may not be possible to remove the necessity of DHCP (Dynamic Host Configuration Protocol) for your wireless devices. If there are only a few users and guest access is not necessary, then your network administrator can manually assign IP addresses. This will make joining the WLAN more difficult. DHCP broadcasts and their responses carry information that helps a hacker construct a picture of your network; why propagate that information unless you must? Understand that in many cases manually addressing hosts will be a management nightmare and render this impossible, but when possible, turn off DHCP.
L4 TRANSPORT: Disable Remote Access aka Remote Administration
Most wireless devices allow access to their user interface from a directly connected device (via a cable that facilitates serial communication). However, many products allow access from remote systems as well. Disabling Remote Access or Remote Administration will make it much more difficult for an unauthorized user to gain access. When this functionality is necessary, filter it: allow only certain IP blocks to reach specific IP addresses, and open only the exact protocols used for communications.
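As an added illustration (not code from the original article), the Layer 2 through Layer 4 settings described above can be checked against an exported device inventory. The record fields, the sample default lists and the two sample records are assumptions constructed for this example.

```python
import ipaddress
import string

# Illustrative sample defaults (assumed); build real lists from vendor documentation.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}
DEFAULT_MGMT_IPS = {"192.168.0.1", "192.168.1.1"}
DEFAULT_USERS = {"admin", "root"}

def strong(secret):
    """Article's password rule: 20+ characters with letters, digits and symbols."""
    return (len(secret) >= 20 and any(c.isalpha() for c in secret)
            and any(c.isdigit() for c in secret)
            and any(c in string.punctuation for c in secret))

def audit(ap, org_words=()):
    """Findings for one AP record (hypothetical inventory schema)."""
    found, ssid = [], ap["ssid"].lower()
    if ssid in DEFAULT_SSIDS:
        found.append("default SSID")
    if any(w.lower() in ssid for w in org_words):
        found.append("SSID identifies the business")
    if ap["security"] not in ("wpa2-enterprise", "wpa2-psk"):
        found.append("weak or no encryption: " + ap["security"])
    elif ap["security"] == "wpa2-psk" and not strong(ap.get("passphrase", "")):
        found.append("weak PSK passphrase")  # same rule reused for the PSK (assumption)
    if ap["mgmt_ip"] in DEFAULT_MGMT_IPS:
        found.append("default management IP")
    if ap["admin_user"].lower() in DEFAULT_USERS:
        found.append("default admin username")
    if not strong(ap["admin_password"]):
        found.append("weak admin password")
    if ap.get("dhcp"):
        found.append("DHCP enabled (confirm it is required)")
    if ap.get("remote_admin"):
        # Remote administration must be limited to named source networks.
        nets = [ipaddress.ip_network(n) for n in ap.get("mgmt_allow", [])]
        if not nets or any(n.prefixlen == 0 for n in nets):
            found.append("remote administration not limited by source IP")
    return found

# Constructed sample records (not real devices).
BAD_AP = {"name": "ap-lobby", "ssid": "linksys", "security": "wep",
          "mgmt_ip": "192.168.1.1", "admin_user": "admin",
          "admin_password": "admin", "dhcp": True, "remote_admin": True}
GOOD_AP = {"name": "ap-floor2", "ssid": "blue-heron-7", "security": "wpa2-enterprise",
           "mgmt_ip": "10.44.9.2", "admin_user": "wlan-ops-jb",
           "admin_password": "t7#Vq!e2Lm9@rXw4$Zc8Gd", "dhcp": False,
           "remote_admin": True, "mgmt_allow": ["10.44.0.0/24"]}
if __name__ == "__main__":
    print({ap["name"]: audit(ap) for ap in (BAD_AP, GOOD_AP)})
```

Pass your organization's name fragments as `org_words` so that an SSID naming the business is reported alongside the default-SSID check.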
L7 APPLICATION: Always keep your router’s software up-to-date
The WLAN manufacturer’s software (sometimes called firmware) is crucial to the proper operation of your wireless network. The wireless device’s firmware, like any other software, can contain bugs, which can lead to major problems and be exploited by hackers if these vulnerabilities are not identified and fixed in software updates. Check the manufacturer’s website regularly to make sure your device’s firmware is the most current; this can help stop hackers from exploiting the vulnerabilities.
NETWORK PROTECTION: A firewall can help secure your Wi-Fi network
Having a good firewall in place is outside the sphere of your wireless network. However, it is one more step in your defense-in-depth approach. Firewalls are essentially the first line of defense against attacks coming at your wireless network via Ethernet as opposed to radio waves. Be mindful that many of the same rules apply to your firewall as to your wireless devices, e.g., changing defaults.
DEVICE PROTECTION: Enhance protection for the devices most frequently connected to your home network
Every device on your network is a potential launch site for exploits; therefore, it is of utmost importance to secure all of your devices. Sure, you have secured the wired and wireless networks. You have installed and maintained your router. However, if your hosts are not protected, not only are they at risk, but so is your entire infrastructure.
Always install antivirus and personal firewall software on your endpoints. Keep these computers’ software up to date: check often and update as soon as available. Lastly, use the same layered security approach that we recommend for every other part of your network.
Just to give some perspective on how pervasive mobile devices are, and therefore their wireless communications, the number of smartphones has increased 100 times since 2005. Not only is securing Wi-Fi an important job, but it is a big one too! Securing your company’s wireless network (and all connected systems and data) is paramount in keeping your company operating safely and protecting your customers’ important personal data. The security measures outlined in this article are fairly simple ones; there are many more actions that can be taken to further secure your wireless network and its surrounding network infrastructure. To learn more, go to the website of your WLAN manufacturer. You can also research via the IEEE, SANS, and ISC2 websites, as well as numerous other industry sites that address WLANs and securing them. Good luck and stay secure.
This article was first published by Hakin9 Magazine.
Author Bio: John Busso is a Senior Network Engineer/Mobility Specialist at CCSI. He has almost 20 years of experience providing secure voice and data solutions. John has been a Subject Matter Expert for Enterprise Mobile Solutions such as Guest WiFi and BYOD, providing vision for diverse clients.
John has been an Adjunct Professor and trainer. He holds numerous Industry certifications, including CISSP, CWNP, CCNP, ACMP and ITIL. His experience includes working with retail, TNL-Couriers, DC’s and Airports, Healthcare, Education, DOD, Local Government, Financial, Non-Profit-Public WiFi, Entertainment and Hospitality industries. His expertise is in mobility, security, WLAN, WAN, LAN, VoWiFi, RFID, RTLS, WIPS, WIDS, DAS, licensed/unlicensed PTP and PTMP networks. Connect with John on Twitter via @JohnBusso.