Wireless Security
Basic Wireless Security
Wireless networks require much more security than wired networks because they transfer information over radio signals (RF). This means the endpoints are "unbounded" and data transmitted can be intercepted by anyone within range of the wireless access point. This is a significant security risk because attackers can gain unauthorized access to the network or eavesdrop on transmitted data.
Default Configurations and Vulnerabilities
One of the biggest points of failure is leaving network settings in their default configuration.
- A default SSID and default administrative credentials mean that attackers can find or guess this information more easily and gain access to the network.
- Older firmware versions have known security vulnerabilities that can be easily exploited.
Wireless Authentication Protocols
- Wired Equivalent Privacy (WEP): Oldest and weakest protocol, should be avoided due to known vulnerabilities.
- Wi-Fi Protected Access (WPA): An improvement over WEP, but still considered weak and shouldn't be used.
- Wi-Fi Protected Access 2 (WPA2): More secure protocol, minimum recommended standard for modern wireless networks.
- Wi-Fi Protected Access 3 (WPA3): Latest and most secure wireless authentication protocol, offering improved cryptography and authentication.
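As an added example (not part of the original page), the Python code below audits a scan of your own access points: it rates each network by the weakest protocol it advertises, using the ratings above, and flags default SSIDs. It assumes input in the terse `SSID:SECURITY` format printed by `nmcli -t -f SSID,SECURITY device wifi list`; the sample scan and the default-SSID patterns are constructed for illustration.

```python
import re

# Strength rank of each protocol token in the SECURITY column; lower is weaker.
# Ratings follow the list above: WEP and WPA fail, WPA2 is the minimum.
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}
VERDICT = {0: "FAIL: no encryption", 1: "FAIL: WEP", 2: "FAIL: WPA",
           3: "OK: WPA2 (minimum)", 4: "OK: WPA3"}

# Illustrative vendor-default SSID patterns (assumption; extend for your fleet).
DEFAULT_SSID = re.compile(r"^(linksys|netgear\d*|dlink|default)$", re.I)

# Constructed sample scan, not captured from a real network.
SAMPLE = "\n".join(["corp-wifi:WPA3", "corp-legacy:WPA1 WPA2",
                    "linksys:WEP", r"guest\:lobby:"])


def split_terse(line):
    """Split one terse line on ':' while honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def audit(scan_text):
    """Return (ssid, verdict, uses_default_ssid) for every scanned network."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        is_open = security.strip() in ("", "--")
        tokens = ["OPEN"] if is_open else [t for t in security.split() if t in RANK]
        # Rate by the weakest advertised protocol; unknown values need a human look.
        verdict = VERDICT[min(RANK[t] for t in tokens)] if tokens else "REVIEW: " + security
        results.append((ssid, verdict, bool(DEFAULT_SSID.match(ssid))))
    return results
```

A mixed-mode network such as `WPA1 WPA2` is rated as WPA because the access point still accepts clients using the weaker protocol.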
Additional Wireless Security Measures
There are other security measures to consider for wireless networks.
- MAC Address Filtering: Allowing or denying access to the network based on the unique MAC addresses of authorized devices.
- Disabling Unused Features: Features like Wi-Fi Protected Setup (WPS) can introduce vulnerabilities to a network when not in use and should be disabled if not needed.
- Firmware Updates: Keeping wireless access point firmware up to date is crucial to address known security vulnerabilities.
- Network Segmentation: Separating wireless networks from the wired internal network, using either a VLAN or another network partitioning method, is a good idea.
- Encryption and VPNs: Ensure that data transmitted over the wireless network is encrypted, and use Virtual Private Networks (VPNs) when remotely accessing the network.