Posted by Geraldine Hunt on Tue, Dec 15th, 2015
The availability of guest Wi-Fi in retail or services businesses is now expected. The number of Internet-enabled smartphones and tablets grows daily, and users expect reliable, secure Internet access everywhere they go. An open, unfiltered Wi-Fi network is an invitation to attack your users, data, privacy and data integrity. This recent article discusses what damage a successful attack can cause. Taking basic steps to secure your WiFi network will help protect your customers, your employees and their devices, as well as your overall network security. However, several myths prevail about what secure WiFi is and what will and won’t strengthen your WiFi network security. Here we shatter some of those myths.
Myth 1 - Not broadcasting the network SSID will keep your Wi-Fi connection secure
The network SSID is the name of the wireless access point. When it comes to information security, it is wise to know who might be attacking what you are defending. If you're worried that anyone will be able to see your network and attempt to connect to it, hiding it will unfortunately not help. Most wireless scanners can see hidden wireless networks. For an adept hacker this is not difficult.
Myth 2 - MAC Address filtering
Every network device has a MAC address, which is a sequence of 12 hexadecimal characters that uniquely identifies that device on a network. The Bluetooth adapter in your phone has one, and so do your Wi-Fi adapter, your 3G radio and so on. It's the same on your computer and on every Internet-connected device that you own. That MAC address is assigned by the manufacturer before the product leaves the factory. It might seem a good idea to use that identifier to limit who can connect to your network. The idea is that your network administrator would have a list of authorized MAC addresses, and would block all connection attempts made from a MAC address which is not on the white-list, thereby controlling who can use the network.
In theory it seems logical, but in practice it doesn't work, and here's why: MAC addresses are not secret, and anyone who is observing traffic can see them. To make matters even worse, cloning a MAC address takes less than a second. So an attacker can easily see which MAC addresses are connected, change her adapter's MAC address to one of those and successfully connect to the network, either after that other user has disconnected or immediately after having kicked that user off the network.
Myth 3 - Limit the IP address pool
Limiting the pool of IP addresses that connected devices can use presents the same pitfalls as filtering MAC addresses. An attacker will not need much time to see what IP addresses are allowed, pick one, kick the other user out and use that IP. If there are still “free” IP addresses, it takes even less time: the attacker can just pick one and connect.
Myth 4 - Disable DHCP
An IP address can either be assigned automatically from a pool of possible addresses or manually set up in advance. A DHCP server holds a list of IP address ranges and assigns an IP from that range to each newly connected device. Disabling DHCP changes nothing, as you still need to set the addresses up manually so that your users can connect with them. Once again, watching traffic to see what is allowed and picking one is a basic element of a hacker's skillset.
Myth 5 - WPA & WPA2 are secure enough
WPA and WPA2 are Wi-Fi encryption standards. Connecting to a WPA or WPA2 encrypted wireless network can only be done with the correct password, pass-phrase or security token. That's the good news. The bad news is that there is a multitude of attacks that target WPA/WPA2 encrypted networks. Some brands of routers have defects which, for an adept hacker, make cracking their keys or bypassing authentication quite an easy task. Attackers know of those router flaws, and that information is freely exchanged on the Internet.
- Not using default credentials is vital.
- Choosing a good pass-phrase is equally vital.
- Disabling WPS is necessary.
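
One way to check an access point configuration against the three points above and the hidden-SSID and MAC-filtering myths, as an added example that is not from the original article. It assumes the access point is configured with a hostapd-style key=value file; the sample config, the common-passphrase list and the length thresholds are constructed for illustration.

```python
# Constructed sample config in hostapd key=value syntax (not from the article).
SAMPLE_CONF = """\
ssid=ShopGuest
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=2
wpa_passphrase=password
wps_state=2
"""

# Constructed short list of passphrases too common to use; extend it locally.
COMMON = {"password", "12345678", "admin123", "changeme", "letmein1"}

def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of (severity, message) findings for one AP config."""
    findings = []
    if int(conf.get("wpa", "0")) == 0:
        findings.append(("high", "no WPA/WPA2 configured: network is open"))
    if conf.get("wps_state", "0") != "0":
        findings.append(("high", "WPS is enabled; set wps_state=0"))
    psk = conf.get("wpa_passphrase")
    if psk is not None:
        if psk.lower() in COMMON or psk.lower() == conf.get("ssid", "").lower():
            findings.append(("high", "passphrase is a default or common value"))
        elif len(psk) < 16 or len(set(psk)) < 8:  # assumed thresholds
            findings.append(("medium", "passphrase is short or repetitive"))
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("info", "hidden SSID is visible to wireless scanners"))
    if conf.get("macaddr_acl", "0") == "1":
        findings.append(("info", "MAC allow-list: addresses can be seen and cloned"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"[{severity}] {message}")
```

The "info" findings are not misconfigurations in themselves; they mark settings that should not be counted as security controls.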
Wireless security is a critical element of your network security
Wireless security is just as critical for your business as any other element of your network security. Finding the balance between security, access, and cost can be tricky. Secure web access enables your employees to embrace mobility and securely connect to the right information.
An open and unfiltered WiFi network exposes you to serious threats!
Every day that you run your WiFi network open is another day you’re at risk. Well-designed and applied security involves minimal hassle and provides peace of mind. Cybercrime doesn’t affect only big businesses — hackers are increasingly targeting vulnerable, smaller organizations too. No organization is immune. Are you prepared? With WebTitan Cloud you can be.