How to make sure your Wi-Fi connection is secure.
Updated: May 13, 2020
“My Wi-Fi network has a password, of course it’s secure!!” This may be true, but there are ways to bypass the password security on some Wi-Fi devices. This article’s intention is to expound on practical ways to prevent such threats from compromising your home or office network.
What are some of these threats that can bypass the password security of a Wi-Fi device?
First, there are Wi-Fi password and encryption methods that can easily be bypassed because they are known to be insecure. We’ll find out what some of those methods are and how we can avoid using them. In addition, we’ll talk about some more secure Wi-Fi encryption methods we should be using instead.
Second, there are attacks that hackers can use to gain access even to networks using more secure Wi-Fi password and encryption methods. We’ll discover what some of those attacks are and how we can protect ourselves against them. In addition, there has been a recent vulnerability found in a Wi-Fi password and encryption standard being widely used today. We’ll discuss what this vulnerability is and how we can implement the suggested best practices to keep our Wi-Fi networks as secure as possible.
Third, we’ll discuss other best practices that can help us keep our overall private network secure. While some of the best practices in this section don’t pertain directly to Wi-Fi, they’re still important to consider because they help prevent unauthorized access to your home or office network.
This article isn’t an exhaustive list of all security measures to implement for home and office private networks. However, the best practices mentioned in this article can significantly increase the overall security of your network and prevent a malicious attack on your private network if implemented successfully.
Hopefully, if nothing else, you’ll be equipped with timely reminders of some best practices you may already be familiar with. Nonetheless, let’s begin.
Insecure Wi-Fi password and encryption methods
In the early days of Wi-Fi networking, WEP (Wired Equivalent Privacy) was the method used to protect these wireless networks.
In 2001, a major security vulnerability was discovered in the WEP encryption method that would allow someone to gather information from these wireless networks and quickly discern the WEP password being used to gain access to these networks.
Once that password was used to gain access to the network, everything being transmitted through that network was then visible to such an attacker. Clearly a major privacy and security concern!!
Because WEP is such an insecure wireless standard, it should NOT be used as the method for securing access to the private wireless networks we use in our homes and businesses.
WPS, or Wi-Fi Protected Setup, was introduced to make it easy for users to connect their Wi-Fi enabled devices to their wireless networks using a simple PIN or push-button access, instead of entering a complex passphrase each time a new device was connected.
However, in December 2011 a major design flaw was discovered with this quick-access method. The flaw meant that the number of possibilities needed to “brute force” the PIN was significantly lower than originally thought.
This means that if modern computing power were used to execute such an attack on a Wi-Fi router with this feature enabled, an attacker could gain inside access to the network in about 4 hours or less!!
This one is very important for most users, because even recently, major ISPs have installed home and business networking equipment for their customers with this feature enabled by default.
Do you know if this feature is enabled on your Wi-Fi network? You can find out by logging into your router’s web interface and looking for Wi-Fi Protected Setup or the letters WPS in the different menus. If you find that it is turned on or enabled, disable it immediately!!
If unsure how to do this, consult the equipment manual for your Wi-Fi router, or contact your Internet Service Provider to find out if it’s enabled and, if so, how to disable it.
Now that we’ve touched on what Wi-Fi security methods to avoid, let’s talk briefly about properly securing our Wi-Fi networks.
Secure Wi-Fi password and encryption methods
WPA2 was introduced to replace WEP and its counterpart WPA with TKIP (also known to be insecure). The WPA2 encryption method uses AES (Advanced Encryption Standard), which is a trusted encryption standard widely used to protect highly sensitive information and data transfers such as credit card transactions.
WPA2 with AES is the most compatible of the secure Wi-Fi password and encryption methods. So if you’re using a wide range of Wi-Fi enabled devices in terms of differing manufacturers, device ages, and functionalities this is the one you should go with.
WPA2 with SHA256. This is another Wi-Fi method that offers a bit more security than traditional WPA2; however, it’s not as compatible as its counterpart, nor is it as widely available as an option on routers that are already in use.
If you have it as an option and all the Wi-Fi devices on your network can use it, you should go with this one! However, if you have a guest network you may want to use the more “traditional” WPA2 for that network for greater compatibility.
WPA3 is the newest of the Wi-Fi encryption standards. Its widespread adoption among major equipment manufacturers is still well underway. As of now, using this encryption standard will likely require newer equipment (router and devices included).
If this method can be used on your router and devices, definitely go with this one.
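To see where nearby networks fall among the methods above, here is an added example (not part of the original article) that sorts scan results into those tiers. It assumes input in the format of `nmcli -t -f SSID,SECURITY device wifi list` on Linux; the sample lines and the verdict labels are constructed for illustration.

```python
# Classify Wi-Fi networks by the security methods discussed in this article.
# Input format: `nmcli -t -f SSID,SECURITY device wifi list`
# (terse mode: fields separated by ':', a literal ':' or '\' is escaped with '\').
import re

# Constructed sample scan output, not captured from a real network.
SAMPLE_SCAN = """\
HomeOffice:WPA2
Cafe\\:Guest:
OldPrinterAP:WEP
Legacy-Mixed:WPA1 WPA2
NewRouter:WPA2 WPA3
Mesh-6E:WPA3
"""

def parse_line(line):
    """Split one terse line into (ssid, set of security tokens)."""
    ssid, _, security = line.rpartition(":")  # SECURITY never contains ':'
    ssid = re.sub(r"\\(.)", r"\1", ssid)      # undo nmcli's backslash escaping
    return ssid, {t for t in security.split() if t != "--"}

def assess(tokens):
    """Return (verdict, reason); verdict labels are this example's own."""
    if not tokens:
        return "insecure", "open network, no encryption"
    if "WEP" in tokens:
        return "insecure", "WEP is broken; do not use"
    if "WPA1" in tokens:
        return "weak", "original WPA still accepted; set the router to WPA2 only"
    if "WPA3" in tokens:
        fallback = " with WPA2 fallback" if "WPA2" in tokens else ""
        return "best", "WPA3 offered" + fallback
    if "WPA2" in tokens:
        return "ok", "WPA2; confirm AES is the cipher in the router settings"
    return "unknown", "unrecognized: " + " ".join(sorted(tokens))

def audit(scan_text):
    """Map each SSID in the scan text to its (verdict, reason)."""
    results = {}
    for line in scan_text.splitlines():
        if line.strip():
            ssid, tokens = parse_line(line)
            results[ssid] = assess(tokens)
    return results

if __name__ == "__main__":
    for ssid, (verdict, reason) in audit(SAMPLE_SCAN).items():
        print(f"{verdict:9} {ssid:14} {reason}")
```

WPS status is not part of this field, so it still has to be checked in the router’s web interface as described earlier.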
Hopefully by now we’ve decided which Wi-Fi security method to implement, or have decided to keep everything as is for now if no security threats have been discovered so far.
Now let’s take a look at methods that attackers can use to try to gain access even to protected Wi-Fi enabled resources.
Methods that can be used to gain access to more secure Wi-Fi networks
Dictionary Attacks- This type of attack involves either trying dictionary words one after another in an attempt to crack the Wi-Fi password, or collecting and analyzing encrypted wireless data transmitted by a Wi-Fi router and attempting to match that data against an offline database of pre-shared keys (passwords).
This is the most common type of attack on Wi-Fi enabled networks, but it’s also the easiest to circumvent. All that’s needed is, you guessed it...a strong password for your Wi-Fi network.
It’s best to choose a password for your network that is non-dictionary (contains no words found in a dictionary, nor any that closely resemble them, such as G1ants) and that contains a strong mix of uppercase, lowercase, numeric, and symbolic characters. Also, the more characters in your password, the better.
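The password rules above can be checked mechanically. The following is an added example, not part of the original article: it undoes common look-alike substitutions so that “G1ants” is still caught as a dictionary word, then checks the character mix and length. The word list is a tiny constructed sample and the 16-character target is this example's own assumption.

```python
import re
import string

# Constructed mini word list for the demo; use a full dictionary file in practice.
WORDS = {"giants", "password", "summer", "dragon", "welcome", "network"}

# Common look-alike substitutions, so "G1ants" is still read as "giants".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def find_dictionary_words(passphrase, words=WORDS, min_len=4):
    """Return dictionary words hidden in the passphrase after normalization."""
    normalized = passphrase.lower().translate(LEET)
    letters_only = re.sub(r"[^a-z]", "", normalized)  # drop separators/digits
    return sorted(w for w in words if len(w) >= min_len and w in letters_only)

def check_passphrase(passphrase):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # WPA2-Personal passphrases are limited to 8-63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters for WPA2")
    elif len(passphrase) < 16:  # 16 is this example's target, not the article's
        problems.append("short: aim for 16+ characters")
    classes = {
        "uppercase": string.ascii_uppercase,
        "lowercase": string.ascii_lowercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in passphrase):
            problems.append(f"no {name} character")
    for word in find_dictionary_words(passphrase):
        problems.append(f"contains dictionary word: {word}")
    return problems

if __name__ == "__main__":
    for candidate in ("G1ants2020!", "vR7#qL2x!Zp9@tK4mW"):
        print(candidate, "->", check_passphrase(candidate) or "no problems found")
```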
KRACK Vulnerability- This vulnerability exploit allows an attacker to retrieve a password while a device is being authenticated to the Wi-Fi network on WPA2 enabled Wi-Fi networks. This vulnerability however is not a Wi-Fi router vulnerability, but a client device vulnerability.
The only way to circumvent this sort of attack is to update your Wi-Fi enabled endpoints and client devices with the latest firmware and security updates available from the Operating System or manufacturer.
Other security measures to implement for overall network security
Change Default Wi-Fi SSIDs
The default SSID (Wi-Fi network name) for your Wi-Fi router may give hackers a clue as to what type of device you are using for your home or office network. This might not seem like such a big deal, but identifying the type of device you’re using can give hackers an idea of what security exploits may be present, leaving you open to an attack if your router isn’t up to date or is no longer supported by the manufacturer.
Update Router Firmware
If your router is still supported by the manufacturer, it’s best to check with them on their website for firmware updates periodically as these can contain security patches to prevent an unauthorized person from accessing your network.
Secure Router Login Credentials
Routers can be accessed remotely, from a location other than the network they’re connected to. So to protect your network, it’s important to either disable remote access or change the default admin username and password on the web interface of your router.
Usually you can log in to your router’s web interface locally by typing its IP address into your web browser and entering the credentials requested on that page. If you’re unsure what the username and password are, they could be the factory default credentials. Check with your ISP or consult your router’s user manual to find out.
Avoid Transmitting Login information “in the clear”
Also, if you do find it necessary to access the web interface of your router from a remote location, do so using a secure transmission method such as HTTPS, SSH, or a VPN protocol with strong encryption. Do NOT use HTTP, Telnet, or a weak VPN tunnel. These protocols transmit your username, password, or other login information in a way that can easily be intercepted by anyone “sniffing” for unencrypted or weakly encrypted data packets sent to your network, allowing them to gain access to your router the same way you do.
Securing access to our private information is serious business. Taking active measures to secure this information now could spare us the heartache and damage that can result from a security breach such as financial loss, identity theft, and countless hours cleaning up behind such a mess!!
If anything in this article is unclear or unfamiliar to you, please take the time to research how to do the things mentioned for your particular network setup. The steps mentioned here are not just for trained IT professionals; much of what’s needed can be found in the user guide for your equipment or through a simple web search.
Also, ask a trusted friend or relative for help if any of these concepts seem too daunting to implement or comprehend. They’ll likely be more than happy to help you take the needed action to secure your private network and data.
As always thanks for reading our blog! If this article has helped you or you feel it may help someone else, please feel free to share or post it to your favorite social media platform.