Whether you’re installing a wireless access-point in a home, small office, or large building, following a few best practices can make the difference between a reasonably secure network and one that screams “hack me now!”
Here are the five blatant security mistakes to avoid when deploying a new wireless-access point.
Wireless hardware manufacturers have made installing and configuring new access points pretty simple, for both consumer and enterprise devices.
But this ease of installation can lull the inexperienced tech into a false sense of security and lead them to make mistakes during configuration.
- The first mistake, made way too often, is using old equipment that doesn’t support the WPA or WPA2 security protocols. If you’re purchasing new equipment, this shouldn’t be a problem. But too often, individuals and organizations try to reuse outdated equipment to save money. This can be a serious security mistake.
- The second mistake on our list is not resetting the access point’s internal administration log-on name and password. After powering on the AP and accessing its admin tool for the first time, you should immediately change the admin tool’s password and, if applicable, the admin tool’s log-on name. Why? Because, access point manufacturers use standard log-in names and passwords for all their devices. And, a quick Internet search is all it takes to uncover this default information.
- The third mistake goes hand-in-hand with the second one, and that’s not choosing a strong enough AP admin or network password. Weak passwords are vulnerable to brute force, social engineering, and dictionary attacks. It’s bad enough when end users do it. IT shouldn’t make the same mistake.
- The forth mistake is relying on a hidden SSID or MAC address filtering for security. Years ago, both techniques were widely recommended as ways to improve wireless security. But that time has passed. Using wireless sniffers like NetStumbler and Kismet, an attacker can easily uncover hidden SSIDs. And it’s also relatively easy to spoof another machine’s MAC address. Do yourself a favor, use meaningful SSID names so users will know they’re connecting to the right network and rely on true security measures for protection.
- The fifth and last mistake on our list is abandoning an access point once it’s setup. Too many IT prosonal, install APs, configure them to operate,and then forget about them until there’s a problem. And, this can be a very long time — years even.
As I mentioned earlier, if your organization still has old equipment out there running WEP, you should replace it. If you’ve been relying on WPA with TKIP encryption, you should switch to WPA2 with an AES-based encryption mechanism.
Also, if practical, you should periodically check the logs on your access points for repeated access attempts with the incorrect passphrase. Some devices can even be configured to send you a message when such and attempt is made.
Well, I hope you’re not making any of the mistakes on this list. And if you are, take the necessary steps to address them and avoid them in the future.