Wi-Fi devices – well known for their portability, flexibility and increased productivity are based on IEEE 802.11 standard . IEEE 802.11 WLAN, or Wi-Fi, is the most widely accepted broadband wireless networking technology, providing the highest transmission rate among wireless networking technologies.
Threats to Wi-Fi Implementations
Since radio waves can penetrate through walls there is a great chance of unauthorized access to the network and data. Because of its broadcasting nature, anybody can sniff the network for valuable credentials. If the network is not properly secured the attacker will get sufficient data to launch an attack.
In brief the following cases may happen.
-The attacker may search for available wireless networks in the close proximity. If the Access Point( AP) is open the attacker can avail the network without any effort.
-The attacker can directly log in to the Access Point using default credentials and configure the device in whatever way he wants.
-The attacker can sniff the network for configuration details such as SSID(Service Set Identifier) , BSSID(Basic Service Set Identification ), encryption used, channel used etc. He can capture sufficient packets to launch an attack.
-The attacker can install a fake Access Point and lure(like advertising free internet access) users to connect to the rogue AP.
-The attacker can disrupt the normal functioning of the network.
Securing Access Point/ Router
As far as a user is concerned, securing Access Point ensures the primary level of security.The configuration settings as explained below will secure the Access point.
i ) Change Administrator Password
An attacker can easily find out the default password. It must be changed. Ensure that the admin password is strong enough.
ii) Prefer Wi-Fi Protected Access(WPA2 Preferably) instead of Wired Equivalent Privacy(WEP)
WPA’s salient features are strong encryption algorithm, user authentication and support for IEEE 802.1X . Use Wi-Fi Protected Access (WPA) or WPA2 with Pre-Shared Key (PSK) authentication and AES as the encryption standard. The pass phrase should be strong enough.
iii) Use logging feature in the Access point
Logging will record activities of the wireless access point or router including Wi-Fi activities of the clients that connect to it. This record can serve as an audit trail in case of a security breach and can be useful for troubleshooting. The log can be saved either in local machine or in a remote storage server(mostly in routers).
iv) MAC Address Filtering
Access of the clients can be permitted or prevented by providing a list of MAC Addresses in the “MAC Address filter” configuration parameter. This is known as MAC Address filtering. Together with SSID this can also used as a security measure. Select the MAC Address of all the wireless Network interface cards used in the network. The list can be used to permit or prevent the wireless access .
There are certain best practices explained below which should be followed for enhancing security of wireless Access Point / Routers.
i)Restrict the Access
SSID (Service Set Identifier) is used to identify a wireless network which a user wants to attach. All wireless devices that want to communicate on the WLAN need to have their SSID set to the same string as the AP. Even though the attacker can get the SSID simply by sniffing the network it is preferable to change the default SSID. Avoid SSID which shows name or other information. Name the access point such that it can be easily traceable during trouble shooting. Physical security of access point is also important.
ii) Disable Management via Wireless
It is recommended to disable management of the router via wireless devices associated with the access point. If someone manages to associate with the access point and login to the router , they can change the configuration of the router. Prefer wired interface with AP/Router to configure the device.
iii) Disable Remote Management
Remote Router Access permits web-based management of the wireless router from external networks such as the Internet. By default this feature opens port 8080/TCP on the external side of the router. This feature provides significant risk to the device, permitting an attack vector and more importantly significant risk to internal network. It should be disabled unless remote management is absolutely required. Universal Plug and Play may also be disabled.
iv) Turn off the Access point when not in use
This is also advisable since it minimizes the risk of unauthorized access.
v) Configure Network Mode
Select the wireless mode which is depending upon the protocols. The possible options are.
-Disabled – disables AP.
-Mixed – permits both 802.11 b and 802.11g.
-B-Only – 8.2.11 b only.
-G-Only – 8.2.11 g only.
vi) Disable SSID Broadcast
This can protect the AP from a naive attacker . By disabling SSID broadcast, the easy availability of SSID can be restricted .But the attacker can still sniff the SSID from frames that devices use when associating with an AP. According to some vendors disabling SSID broadcast may restrict or invite the chance of exploitation.
vii) Set Wireless Channel from default
Changing the default wireless channel used by the AP is a good practice. It may avoid automatic association of the wireless interface to the network.