28 November 2019
In 2019, Wi-Fi manufacturers have introduced a number of security measures that we deem critical to our members security.
We all connect to the internet and often benefit from a ‘Wireless’ connection to our mobile devices, be it laptops, tablets, mobile phones or IoT devices. But how secure is your Wi-Fi?
If your Wi-Fi connection isn’t secure, someone could use it to steal your personal, business or financial information for malicious purposes.
“Drive by hacking is a favorite past time amongst cybercriminals”
Wi-Fi signals are often broadcast beyond the walls of office buildings and can be an ‘enticing invitation’ for hackers.
Critical issues with Wi-Fi:
- Authentication is managed per wireless access point which means the password is the same for everyone accessing the wireless network and also has the potential to be different between access points
- As the pre-shared key (password) never changes, users that should no longer have access are still able to connect to the network
- No centralized management or standardized configuration is used.
- Commonly used WPA2 protocol is not secure
Remember that even WPA2 security standard is unlikely to resist a well organised and stubborn hacker or hacking group thanks to the “KRACK Wi-Fi” flaw that was discovered in October 2017.
In 2019, Wi-Fi security has been significantly improved by adopting the following:
Use the newly released WPA3 encryption protocol. This replaces the legacy WPA2 protocol which was introduced in 2006. WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks.
Exigence recommends using business grade authentication (802.1x) that allows integration with Office 365 or Azure AD identity. 802.1x does away with the commonly used pre-shared key by introducing certificate-based authentication and using individual active directory / Office 365 logins.
This will, on its own, raise your security profile to the next level.
Check for rogue Wi-Fi access points
Rogue access points are often masqueraded as legitimate company access points.
They are set up to capture Wi-Fi passwords and used penetrate corporate networks.
Provide a separate network for guests
If you want to allow visitors to use your Wi-Fi, it’s sensible to offer a guest network. This means that they can connect to the internet without getting access to your organisation’s internal network. This is important both for security reasons, and also to prevent them inadvertently infecting your network with viruses or other malware.
Hide your network name
Wi-Fi access points are usually configured by default to broadcast the name of your wireless network – known as the service set identifier, or SSID – to make it easy to find and connect to. But the SSID can be also be set to “hidden” so that you have to know the name of the network before you can connect to it.
Enable MAC authentication for your users
You can limit who accesses your wireless network even further by only allowing certain devices to connect to it and barring the rest. Each wireless device will have a unique serial number known as a MAC address, and MAC authentication only allows access to the network from a set of addresses defined by the administrator.
This prevents unauthorized devices from accessing network resources and acts as an additional obstacle for hackers who might want to penetrate your network.
If you need more info or would like your existing Wi-Fi infrastructure reviewed or secured:
Please contact Exigence on 03-9568-5437 or services@exigence.com.au
Sources: ACSC/Staysmartonline, Techradar, Techsafety, securewifi.
