Providing a wireless network for your staff may offer convenience to move about the office freely and avoid the spaghetti-effect of intertwined network cables but wireless comes with its own vulnerabilities that can expose your business to threats.
Studies have shown that some of the most common wireless routers are full of holes and bugs that can allow attackers into your network. This article “Wi-Fi routers: More security risks than ever” provides worrying reading.
In this post I have provided 10 tips to help secure your wireless network from attack – its the basics.
Before I begin however you should have the router’s manual handy – if you cannot find it then search online as most brands will publish the devices manual online. You need the manual to know how to configure your router.
Please do not start looking for excuses not to do these simple tasks as it can help protect your business from serious attacks that could severely damage your business.
How to secure your wireless router – 10 simple tips
1. Secure the network
Make sure your router is encrypting communication using the WPA option. If there is no WPA or WPA2 option then buy a new router that has. Don’t use WEP as its useless – just get a new router. No excuses.
2. Change default passwords
The router may come with an admin console that allows remote access to the configuration area of your router. The username and password that comes as default will be well known to everyone – its probably mentioned in the manual. Change the password!
3. Disable Remote Administration
This is even better than just changing the password. Disable the account as well as change the password. There is no reason I can see that once the router is configured that remote administration feature needs to remain activated.
4. Change the Routers SSID name
The router will have a name so you can find it – change the default name as sometimes the vendor will use the brands name which gives attackers some clue as to what router you are using. Yes there is a list of vulnerabilities for major routers that you can download here so by giving the attacker a starting point of the exact brand of the router he/she is one step closer.
5. Enable any security features offered
If the router offers extra security features such as a firewall then activate it – more security is good.
6. Disable SSID broadcast
The router is a friendly beast by nature and loves telling the world that it offers wifi access. Make it shut up as we don’t want the world to know. Disable the “SSID broadcast”.
7. Patch and patch
If the router vendor offers an alert service for updates to the router (sometimes called “firmware”) then sign up. Router vendors, as stated in the article I linked to, are not well known for their security efforts so once shamed in public they hopefully will start removing the bugs and security holes via patch updates.
8. Disable guest networks
Some router vendors love making your environment even less secure than others by providing a guest network option so businesses can offer their customers “free wifi”. Supposedly the feature keeps the freebies away from the network your staff use but on the whole I think its a stupid idea and you should disable this feature.
9. Hide your router
Place it high above so to physically get at it you need to stand on something. Most routers offer a USB port or two that attackers can plugin their virus software directly into the router bypassing all types of protections.
10. Disable all services you don’t need
Our helpful router vendor likes to offer many options for attackers to get into your network including services such as FTP, Telnet. Study the manual and locate the extra services offered like FTP – disable the lot.
If you now have the taste for “hardening” your router then search online and use this type of search query “how do I secure my [insert your router product name here]” this should give you more tips directly related to your router.