WiFi Security with NetSpot

Wireless network security is a top priority for anyone building or restructuring such a network. NetSpot provides the tools you need to reduce WiFi security risks to a minimum.

How to secure your Wi-Fi network

The issue with traditional networks is that others can connect to the Internet using your broadband connection even though they are not authorized to. Rogue APs, stations associating with the wrong AP, wardriving… Serious security breaches, sensitive data theft and forgeries are not that uncommon these days.

The general security issues for wireless networks

The possible problems are:

  1. Confidentiality: Data sent through the network should be strongly encrypted so that an unintended person who intercepts it cannot read it. Decrypting the data should require a key and a proper authentication process.
  2. Integrity: Wireless networks are more exposed to attacks aiming at data integrity.
  3. Availability: Radio jamming can easily restrict the availability of a network. In another type of attack, called a battery exhaustion attack, unauthorized parties continuously send messages or data to connected devices to exhaust their batteries.
  4. Eavesdropping and Authentication: Because wireless networks are broadcast, many access points are exposed and can be used to get into the network. Preventing eavesdropping is important.
  5. Bluesnarfing or bluejacking: These attacks are performed through Bluetooth in order to steal or tamper with data.
  6. Wardrivers: They use wireless devices like laptops to try to connect to an unprotected network with the intention of recording private data of other users on this network.

However, making your wireless network secure is not as difficult as it may sound. Securing your network will prevent others from stealing your bandwidth and will stop hackers from taking control of your machines via your own WiFi network.

Wireless Security: what to start with

First, conduct a site survey with the NetSpot WiFi Site Survey tool. It will immediately help you detect and eliminate rogue APs, the ones that were deployed without permission.

A site survey also helps expose unauthorized workstations. Keep an inventory of laptops and PDAs with wireless adapters, recording the user, MAC address and operating system of each. This data is used for WLAN access controls. If WLAN adapters are misplaced or stolen, an up-to-date list is crucial.

You may discover nearby APs and stations that do not belong to your network. It is a good idea to survey the public areas neighboring your facility, including all levels. Record the MAC addresses, along with the network name (SSID) and channel. Use this data to avoid cross-interference and to rule out false-positive intrusion alerts.
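The inventory check described above, as an added example that is not NetSpot output or code from this page: it compares survey results with an inventory of authorized APs and with the recorded neighbor list. The BSSIDs, SSIDs, field names and the `classify` function are constructed for illustration.

```python
# Added example. Every BSSID, SSID and field name here is constructed sample data.
AUTHORIZED = {  # inventory of our own APs: BSSID -> (SSID, required security)
    "02:00:00:00:10:01": ("CorpNet", "WPA2"),
    "02:00:00:00:10:02": ("CorpNet", "WPA2"),
}
NEIGHBORS = {  # recorded while surveying adjacent areas: BSSID -> (SSID, channel)
    "02:00:00:00:20:01": ("CoffeeShop", 6),
}

def classify(scan):
    """Return {bssid: (verdict, reason)} for every AP seen in a survey scan."""
    own_ssids = {ssid for ssid, _ in AUTHORIZED.values()}
    result = {}
    for ap in scan:
        bssid = ap["bssid"].lower()
        ssid, sec = ap["ssid"], ap["security"].upper()
        if bssid in AUTHORIZED:
            want_ssid, want_sec = AUTHORIZED[bssid]
            if (ssid, sec) == (want_ssid, want_sec):
                result[bssid] = ("ok", "matches inventory")
            else:
                result[bssid] = ("drift", f"expected {want_ssid}/{want_sec}, saw {ssid}/{sec}")
        elif ssid in own_ssids:
            # Checked before the neighbor list: our network name on hardware
            # we never deployed must not be silenced by an allowlist entry.
            result[bssid] = ("rogue", "our SSID on a BSSID missing from the inventory")
        elif bssid in NEIGHBORS:
            result[bssid] = ("neighbor", "recorded neighbor, no alert")
        else:
            result[bssid] = ("unknown", "not in inventory or neighbor list, investigate")
    return result

SAMPLE_SCAN = [  # constructed survey output
    {"bssid": "02:00:00:00:10:01", "ssid": "CorpNet", "security": "WPA2", "channel": 1},
    {"bssid": "02:00:00:00:10:02", "ssid": "CorpNet", "security": "WEP", "channel": 11},
    {"bssid": "02:00:00:00:99:99", "ssid": "CorpNet", "security": "WPA2", "channel": 1},
    {"bssid": "02:00:00:00:20:01", "ssid": "CoffeeShop", "security": "Open", "channel": 6},
    {"bssid": "02:00:00:00:30:07", "ssid": "printer-setup", "security": "Open", "channel": 3},
]

if __name__ == "__main__":
    for bssid, (verdict, reason) in classify(SAMPLE_SCAN).items():
        print(f"{bssid}  {verdict:8}  {reason}")
```

The "drift" verdict catches an authorized AP whose encryption no longer matches the inventory, which is the same check the survey is meant to support.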

It is recommended to get APs with high-grade antennas that produce a strong yet tightly focused signal. Their narrow focus will provide better security for the signal and less leaking outside, where a wardriver can intercept it.

Steps to secure your wireless network

A few simple steps have to be taken to secure your WiFi network:

Step 1

Unique passwords

Create unique WiFi passwords for your routers. Using uncommon passwords will prevent unauthorized users from getting access to a router and help preserve the WiFi security settings that you set up.


Step 2

Assets to protect

To secure your WiFi network at home, every piece of your data has to be protected. For a business network, it is important to decide which assets need protection and what the impact of theft, damage or loss of data would be. Once you have decided on the assets, enumerate threats and risks. After this basic work has been done, begin considering WLAN building alternatives.


Step 3

Network Topology

Think through how new WLAN segments are going to be integrated and how you will use the existing components of your wired network. The topology, the placement of devices and the security measures you take have a direct impact on wireless LAN security.

Apply restrictions to AP placement in your network. All wireless APs should be treated as untrusted and always placed outside the firewall or within a DMZ.

Integrate WiFi networks and wireless devices with your existing management structure. Decide whether APs, stations and WLAN programs need an inventory, additional configuration and monitoring.


Step 4

Network Encryption

Wi-Fi Protected Access (WPA) is a security protocol that addresses weaknesses found in the preceding system, WEP, while allowing both types of products to interoperate. This protocol incorporates the stable parts of the 802.11i security standard, which is a work in progress.

After proof-of-concept work and applied public demonstrations, WPA showed some weaknesses and, just like WEP, proved susceptible to intrusion.

You should use WPA2 whenever possible, and use WPA only when WPA2 is not supported by an access point. Network speed may sometimes be affected by WPA2, in which case WPA also becomes an option; however, upgrading the access points would be much more appropriate for network security. When none of the WPA standards can be used, then using WEP is possible.

Update: WPA3 is the next-generation security protocol and is absolutely worth your attention. WPA3 provides better security and even saves you from your own security shortcomings.

What the WPA3 standard will offer once widely introduced:

Safer Connections

When WPA2 was introduced back in 2004, the Internet was different; it has changed a lot since then. Currently WPA2 doesn't feature a reliable way to onboard new devices to a wireless network. The Wi-Fi Protected Setup method has had known issues since 2011 and needs a fix. WPA3 promises to provide it.

The Wi-Fi Alliance product Wi-Fi Easy Connect allows users to onboard devices that have no screen or only limited screen or input options. This method simplifies onboarding significantly because you just need to scan a QR code on your router and on the device, and everything else is done automatically. Scanning the QR code uses public key-based encryption, which lets you connect devices that otherwise lack secure mechanisms.

The newly implemented Wi-Fi Certified Enhanced Open program offers great new advantages to the users of open wireless networks. It's not news that open Wi-Fi networks are not compatible with safe browsing, so it was never recommended to enter any sensitive data while on an open network.

You probably know that it was because of the WPA2 protocol vulnerability — anyone on the same network as you can get access to your online activity and initiate attacks. Once you can use WPA3 on a public Wi-Fi network, your connection will be automatically encrypted thanks to the "Opportunistic Wireless Encryption" standard.

Password Protection

The password is the first and foremost thing you should think of when considering your Wi-Fi network security. We do not recommend using lazy, easy-to-hack passwords in any case, but WPA3 will surely minimize the damage.

The WPA3 protocol introduces a new key exchange process that protects you from the dictionary attacks that are so popular against WPA2. A dictionary attack is when hackers simply run a process that goes through every word and combination from a dictionary and eventually cracks a lazy, typical password.

Another weakness of WPA2, the use of a four-way handshake between clients and access points, will be eliminated in WPA3 with its secure and reliable Simultaneous Authentication of Equals handshake.

Even if your password gets compromised while using WPA3, your data should remain safe thanks to the protocol's forward secrecy. This basically means that all traffic sent and received before the attack is encrypted and remains so. With WPA2, previous traffic was not encrypted and attackers could easily get hold of the information.


Step 5

VPN

If your business is already using VPN access, think of using it for WLAN security. It makes the most sense when WAN and LAN security policies are consistent, with the same encryption algorithms and credentials.

Wireless LANs, however, have their own set of VPN issues:

  • With a high-speed wireless LAN there is more data to encrypt. Supporting wireless encryption may require additional gateways, specifically when using 802.11a/g at link speeds up to 54 Mbps.
  • Tunnels are tied to IP addresses. With APs changing IP addresses, broken tunnels are reestablished, but the disruption is often noticeable. In smaller wireless networks several access points may share the same DHCP scope, while in larger wireless networks, where stations roam, tunnel persistence can be provided by wireless gateways.
  • Deploying a client can be expensive and difficult. Reusing already deployed clients is different from adding new ones with new policies.

Step 6

Control the Wireless Signal Range

When working in a smaller office you don't need your router to cover a long range. You can either change the mode of your WiFi router to 802.11g (instead of 802.11n or 802.11b) or start using a different Wi-Fi channel.

Keeping Your Wireless Network Safe

To keep your wireless LAN safe and secure you'll need to define and apply the right security measures to protect the access points from wardrivers. There are high-quality network security tools available that can discover WLANs, run penetration tests and assess vulnerabilities. You can use NetSpot for a site survey and then run it periodically to ensure there are no rogue APs or unauthorized connections in your network.

FAQ

What are the general security issues for wireless networks?

The WiFi security issues you may run into include:

  1. Lack of confidentiality. In order to avoid leaks, the data sent through a wireless network should always be encrypted.
  2. Integrity. Attackers aim at data integrity the most.
  3. Network availability. It can be easily compromised when attacks like radio jamming or battery exhaustion are performed.
  4. Eavesdropping and authentication are a big problem when networks are broadcast.
  5. Bluesnarfing and bluejacking are attacks performed through Bluetooth to steal or tamper with data.
  6. Wardrivers perform security attacks with the help of wireless devices like laptops. They connect to an unprotected network and try to steal private data of other users on the same network.

Wireless Security: what to start with?

The NetSpot WiFi Site Survey tool is a good place to start with your WiFi security. This app helps you find and eliminate rogue APs that you didn't authorize to be deployed. A NetSpot site survey will help you detect unauthorized workstations as well.

An up-to-date inventory of laptops and PDAs with wireless adapters, with user, MAC address and operating system information, is a must for proper WLAN access controls.

It is also useful to survey public areas neighboring your network. You can use the collected data to avoid cross-interference and eliminate the possibility of false-positive intrusion alerts.

What do you need to do to secure your wireless network?

Secure your wireless network with unique passwords and proper network encryption. Protecting assets and properly organizing the network topology are important. Make sure your wireless signal range extends where needed, and try using a VPN for more advanced features for your network.

How to keep a wireless network safe?

To keep your WiFi network safe you'll need certain security measures in place. There are high-quality network security tools that can discover WLANs, run penetration tests and assess vulnerabilities. Try running a WiFi site survey with NetSpot and make a habit of doing so regularly to ensure that no rogue APs are present and there are no unauthorized connections to your network.
