Back to Top

How to protect your Wi-Fi network

Wireless networks are often one of the easiest targets for hackers. Why? Because they won't need to set foot inside your office to get access to your company's files/data. There are lots of ethical hacking tools that can be used for evil purposes out there. Also, many cybercriminals utilize wardriving, often installing the Kali Linux distribution on a regular laptop, and then either replacing its Wi-Fi module with one that has a bigger power, or adding a high gain external antenna to the existing wireless module through a standard SMA cable. This way, they are able to build a Wi-Fi hacking machine that costs less than $1,000 and can often detect/connect to Wi-Fi networks that are hundreds of feet away from their cars.

So, what can you do to keep your business-related data safe? Here are the most efficient methods that allow you to fight back.

First, be sure to use an inconspicuous name for your wireless network. I know that it is tempting to choose a "relevant", business-related SSID name, but please resist the urge to do that. Most cybercriminals are targeting companies because they want to get access to their customer databases, for example, so they won't invest too much effort into hacking a "JohnHome95" network.

In fact, you can use another trick that should make it even harder for hackers to penetrate your network. As you probably know, most router manufacturers include their company name in the default SSID name. If you purchase a router from TP-Link, for example, you will discover that the default wireless network name is something like "TP-Link_2.4GHz_144321". It is clear that the manufacturer gives away too much information here!

So, if you have got a TP-Link router, why not change the default SSID to "Linksys_4412" or something like that? This will make script kiddies think that you own a Linksys product, so they may waste their time looking for Linksys router vulnerabilities, etc. This is, in fact, the key idea when it comes to fighting back: use several methods that are guaranteed to slow down any hacker. They are regular people like you and me, so they will get discouraged and move on to the next target if they see that their efforts are fruitless.

Some security experts recommend hiding the SSID altogether. I wouldn't go this route, though; your Wi-Fi network will be slowed down significantly, and people who have the proper tools and knowledge will still be able to figure out its SSID.

Companies can (and should) benefit from using the "Enterprise" features of the WPA2 data security protocol. With Enterprise WPA2, each user/device is authenticated individually, because every network client has its own user/pass combination. This means that if one of the devices is lost or becomes vulnerable, you can quickly revoke its log-in permission without affecting the other network clients. To enable Enterprise mode, you will need to use a RADIUS server. Companies who don't want to deploy their own servers can utilize a cloud-hosted RADIUS service.

Sometimes, the attacker may set up a fake Wi-Fi network which has a name that's similar with your company's SSID. He will do that hoping that some of the employees will connect to his network by mistake. So, it is important to enable your access points' rogue detection features. This way, if your devices detect that a new access point has been installed in the area, you will be notified by email and/or SMS.

It is true that your access points may not include intrusion detection systems. In this case, it is important to know that several companies provide dedicated Wi-Fi monitoring solutions.

Don't forget about physical security. Often, people forget that a simple button push will reset your router or access point to its default settings, making it really easy for hackers to log in. There are lots of default user/pass lists for most wireless devices on the Internet. So, be sure to keep all your Wi-Fi hardware locked if it is possible.