Not all advice is created equally—especially when it comes to technology security. There are things you can do which greatly increase your security and protection. And there are things you can do that provide only minimal, if any, protection. Let's look at wireless security.
Whenever I can, I use a wired connection. It tends to be faster and more stable. However, wireless is incredibly convenient and relatively easy to set up, so it’s pretty prevalent everywhere. But with any networking technology, network security must be considered.
The average home user, when it comes to wireless security, may do some googling, and come upon some very popular advice. But is it GOOD advice? I googled "how to secure a wireless network", and the first result was from the Cybersecurity & Infrastructure Security Agency with a list of suggested actions, including the following two popular options to minimize the risks to your wireless network.
- "Restrict access. Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your hardware's user documentation for specific information about enabling these features. You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials.
- Protect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities."
Pretty authoritative, right? I mean, it comes from a government website; certainly, we should heed it. This advice, in a nutshell, sounds pretty reasonable: use MAC address filtering, and disable the broadcasting of your SSID address. I'm going to be radical, though, and tell you to ignore both of those as relatively useless advice, which needlessly complicates things, when there are simpler and better options.
Let's discuss MAC address filtering first. Basically, you find the MAC address of your network cards, and then add them to a list of "allowed" network cards. If you need to connect a new device to wireless, you need to find the MAC address of the device and add that MAC address to allowed devices—otherwise, it cannot connect. This sounds pretty great, though it is a lot of work if family comes to visit regularly and wants to connect their devices, administrative overhead increases.
Does it keep the bad guys off your network? The bad guys need to be near your network, and they need to have the WPA2-PSK you use—the password you give out. They also need to have an approved MAC address. But guess what? A popular tool around for over a decade, Kismet, allows anyone to see the clients connected to your wireless access point, and it lists the MAC address for those clients. Then, the bad guys can change their MAC address to one of these approved clients—it'll take them about 60 seconds or less. How long does it take you to add MAC addresses to the approved list? Probably longer. So, we have a layer of security—and I'm all for layers of security—but this layer of security makes things harder for the good guys and doesn't present any hindrance to the bad guys. It’s not worth the time.
A similar method is disabling the broadcast of your SSID address. This is another popular recommendation that is effectively like filtering your MAC address. Anyone who comes over to use your wireless will need you to provide your SSID to them to type in, along with your WPA2-PSK wireless password. All the devices you set up in your home will need to be set up manually as well, as they won't be able to "see" your wireless network. This is a lot of overhead. Worth it? Unfortunately, no. Once again, it's work for the good guys, and no hindrance to the bad guys. The bad guys, once again using Kismet, are able to "see" the names of all hidden, non-broadcast SSIDs in the area.
Both of these options would be like putting your front door on the roof of your house—harder to get to, better security—right? Except every time you want to get in your house, you have to climb a ladder, meanwhile, the bad guys just break a window.
Instead, focus on the WPA2-PSK key, the password you use to connect to your network. Longer and complex is always better, just like with your passwords. Simply adding a few characters can significantly improve the security of the password and better secure your network, without making things harder for you (and negligible for the bad guys) like MAC filtering and SSID broadcast disabling.
Work smarter—and be harder to hack!
SECURE YOUR FUTURE WITH A CYBER SECURITY DEGREE
Designated as a Center of Academic Excellence by the National Centers of Information Assurance Education (CAE/IAE), UAT’s Network Security bachelor of science degree prepares students to take on the ever-evolving world of information security. Network security students will receive hands-on technical training and learn best of class software and network programming and essential network security analysis.