Set WiFi up securely

On December 31, 2011, in InfoSec, by ggwalker

No security measure guarantees that you are immune from hackers, but what follows is a best-practice set-up for WiFi that should offer reasonable protection.  Basically, you want to change the default name and password, and you need to add encryption to prevent the general public from jumping on your network to steal your information or use your connection for nefarious deeds.

I plugged in an old WiFi access point (AP) and did a complete reset to factory settings.  Looking at this back of the AP, I see that the default access address is http://192.168.0.227, default user is “admin” and default password is “password”. This information is freely available on the internet as well, so we will want to change this password as we configure the AP.

Entering http://192.168.0.227 into a browser and using the default credentials above, I am now able to set the AP up for home use. Every brand and model is different, so instead of a complete walkthrough, I will instead point out the default settings that you definitely ant to turn off.

First off, now that you know that everybody on the internet knows your default password, let’s change it. Most APs and routers will differentiate between LAN settings, WiFi settings, and Security settings

Management:

  • Change the password, use a secure password and keep it somewhere safe .
  • If you have the option, it is always safer to turn off the ability to manage remotely from the Internet or over WiFi… better to restrict configuration to a computer directly attached to the device.

WiFi Settings:

  • AP name or network name: Change from default, which advertises what brand of AP’s vulnerabilities an attacker should try first.
  • Also, I disable SSID broadcast so that you have to already know the name of the network to connect instead of advertising to your neighbors

Security:

  • Turn off Wi-Fi Protected Setup
  • Select WPA2 Security.  WEP and WPA may be options, but both are considered to be outdated and insecure
  • I prefer AES as an encryption key, but as long as you pick a key, which one is not that important for home and small business use.
  • Choose a secure password and write down the password and settings

As you become more comfortable with the technology, you can dig deeper into the manual to find ways to enhance your security. I also use MAC address filters and tweak a few other settings, but the base changes here should be a good start and make you reasonable secure.

 

Leave a Reply