Securing Wireless Networks | CISA (2024)

Table of Contents
What are the risks to your wireless network? Piggybacking Wardriving Evil Twin Attacks Wireless Sniffing Unauthorized Computer Access Shoulder Surfing Theft of Mobile Devices What can you do to minimize the risks to your wireless network?

In today’s connected world, almost everyone has at least one internet-connected device. With the number of these devices on the rise, it is important to implement a security strategy to minimize their potential for exploitation (seeSecuring the Internet of Things). Internet-connected devices may be used by nefarious entities to collect personal information, steal identities, compromise financial data, and silently listen to—or watch—users. Taking a few precautions in the configuration and use of your devices can help prevent this type of activity.

What are the risks to your wireless network?

Whether it’s a home or business network, the risks to an unsecured wireless network are the same. Some of the risks include:

Piggybacking

If you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your access point can use your connection. The typical indoor broadcast range of an access point is 150–300 feet. Outdoors, this range may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you live in an apartment or condominium, failure to secure your wireless network could open your internet connection to many unintended users. These users may be able to conduct illegal activity, monitor and capture your web traffic, or steal personal files.

Wardriving

Wardriving is a specific kind of piggybacking. The broadcast range of a wireless access point can make internet connections available outside your home, even as far away as your street. Savvy computer users know this, and some have made a hobby out of driving through cities and neighborhoods with a wireless-equipped computer—sometimes with a powerful antenna—searching for unsecured wireless networks. This practice is known as “wardriving.”

Evil Twin Attacks

In an evil twin attack, an adversary gathers information about a public network access point, then sets up their system to impersonate it. The adversary uses a broadcast signal stronger than the one generated by the legitimate access point; then, unsuspecting users connect using the stronger signal. Because the victim is connecting to the internet through the attacker’s system, it’s easy for the attacker to use specialized tools to read any data the victim sends over the internet. This data may include credit card numbers, username and password combinations, and other personal information. Always confirm the name and password of a public Wi-Fi hotspot prior to use. This will ensure you are connecting to a trusted access point.

Wireless Sniffing

Many public access points are not secured and the traffic they carry is not encrypted. This can put your sensitive communications or transactions at risk. Because your connection is being transmitted “in the clear,” malicious actors could use sniffing tools to obtain sensitive information such as passwords or credit card numbers. Ensure that all the access points you connect to use at least WPA2 encryption.

Unauthorized Computer Access

An unsecured public wireless network combined with unsecured file sharing could allow a malicious user to access any directories and files you have unintentionally made available for sharing. Ensure that when you connect your devices to public networks, you deny sharing files and folders. Only allow sharing on recognized home networks and only while it is necessary to share items. When not needed, ensure that file sharing is disabled. This will help prevent an unknown attacker from accessing your device’s files.

Shoulder Surfing

In public areas malicious actors can simply glance over your shoulder as you type. By simply watching you, they can steal sensitive or personal information. Screen protectors that prevent shoulder-surfers from seeing your device screen can be purchased for little money. For smaller devices, such as phones, be cognizant of your surroundings while viewing sensitive information or entering passwords.

Theft of Mobile Devices

Not all attackers rely on gaining access to your data via wireless means. By physically stealing your device, attackers could have unrestricted access to all of its data, as well as any connected cloud accounts. Taking measures to protect your devices from loss or theft is important, but should the worst happen, a little preparation may protect the data inside. Most mobile devices, including laptop computers, now have the ability to fully encrypt their stored data—making devices useless to attackers who cannot provide the proper password or personal identification number (PIN). In addition to encrypting device content, it is also advisable to configure your device’s applications to request login information before allowing access to any cloud-based information. Last, individually encrypt or password-protect files that contain personal or sensitive information. This will afford yet another layer of protection in the event an attacker is able to gain access to your device.

What can you do to minimize the risks to your wireless network?

  • Change default passwords.Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily available to obtain online, and so provide only marginal protection. Changing default passwords makes it harder for attackers to access a device. Use and periodic changing of complex passwords is your first line of defense in protecting your device. (SeeChoosing and Protecting Passwords.)
  • Restrict access.Only allow authorized users to access your network. Each piece of hardware connected to a network has a media access control (MAC) address. You can restrict access to your network by filtering these MAC addresses. Consult your user documentation for specific information about enabling these features. You can also utilize the “guest” account, which is a widely used feature on many wireless routers. This feature allows you to grant wireless access to guests on a separate wireless channel with a separate password, while maintaining the privacy of your primary credentials.
  • Encrypt the data on your network.Encrypting your wireless data prevents anyone who might be able to access your network from viewing it. There are several encryption protocols available to provide this protection. Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information being transmitted between wireless routers and wireless devices. WPA3 is currently the strongest encryption. WPA and WPA2 are still available; however, it is advisable to use equipment that specifically supports WPA3, as using the other protocols could leave your network open to exploitation.
  • Protect your Service Set Identifier (SSID).To prevent outsiders from easily accessing your network, avoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it more difficult for attackers to find a network. At the very least, change your SSID to something unique. Leaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and possibly exploit any known vulnerabilities.
  • Install a firewall.Consider installing a firewall directly on your wireless devices (a host-based firewall), as well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall—a host-based firewall will add a layer of protection to the data on your computer (seeUnderstanding Firewalls for Home and Small Office Use).
  • Maintain antivirus software.Install antivirus software and keep your virus definitions up to date. Many antivirus programs also have additional features that detect or protect against spyware and adware (seeProtecting Against Malicious CodeandWhat is Cybersecurity?).
  • Use file sharing with caution.File sharing between devices should be disabled when not needed. You should always choose to only allow file sharing over home or work networks, never on public networks. You may want to consider creating a dedicated directory for file sharing and restrict access to all other directories. In addition, you should password protect anything you share. Never open an entire hard drive for file sharing (seeChoosing and Protecting Passwords).
  • Keep your access point software patched and up to date.The manufacturer of your wireless access point will periodically release updates to and patches for a device’s software and firmware. Be sure to check the manufacturer’s website regularly for any updates or patches for your device.
  • Check your internet provider’s or router manufacturer’s wireless security options.Your internet service provider and router manufacturer may provide information or resources to assist in securing your wireless network. Check the customer support area of their websites for specific suggestions or instructions.
See Also
3405 - Five key elements of effective network security.What is bluesnarfing? – TechTarget DefinitionWireless Network Security - Everything You Need to KnowOn Secure Simple Pairing in Bluetooth Standard v5.0-Part I: Authenticated Link Key Security and Its Home Automation and Entertainment Applications
Securing Wireless Networks | CISA (2024)
Top Articles
Bitgert Price Prediction: Can BRISE Reach 1 Cent? - Phemex Academy
What Is Bitgert (BRISE)Crypto?
Food King El Paso Ads
Amc Near My Location
Enrique Espinosa Melendez Obituary
Tabc On The Fly Final Exam Answers
Stadium Seats Near Me
Poe Pohx Profile
Cvs Devoted Catalog
Culver's Flavor Of The Day Monroe
FIX: Spacebar, Enter, or Backspace Not Working
Love Compatibility Test / Calculator by Horoscope | MyAstrology
WWE-Heldin Nikki A.S.H. verzückt Fans und Kollegen
How to Store Boiled Sweets
Images of CGC-graded Comic Books Now Available Using the CGC Certification Verification Tool
Roster Resource Orioles
Where Is George The Pet Collector
Mc Donald's Bruck - Fast-Food-Restaurant
Espn Horse Racing Results
Between Friends Comic Strip Today
Military life insurance and survivor benefits | USAGov
Yosemite Sam Hood Ornament
Valic Eremit
Craig Woolard Net Worth
10 Best Places to Go and Things to Know for a Trip to the Hickory M...
Goodwill Of Central Iowa Outlet Des Moines Photos
WPoS's Content - Page 34
Winterset Rants And Raves
Funky Town Gore Cartel Video
In Branch Chase Atm Near Me
Newcardapply Com 21961
Best Workers Compensation Lawyer Hill & Moin
Ewwwww Gif
Jewish Federation Of Greater Rochester
Daily Times-Advocate from Escondido, California
888-822-3743
Subdomain Finder
Coffee County Tag Office Douglas Ga
Martha's Vineyard – Travel guide at Wikivoyage
BCLJ July 19 2019 HTML Shawn Day Andrea Day Butler Pa Divorce
Port Huron Newspaper
How to Connect Jabra Earbuds to an iPhone | Decortweaks
Hdmovie2 Sbs
Bonecrusher Upgrade Rs3
tampa bay farm & garden - by owner "horses" - craigslist
Wvu Workday
Tyrone Unblocked Games Bitlife
Appsanywhere Mst
Fahrpläne, Preise und Anbieter von Bookaway
Ippa 番号
Wayward Carbuncle Location
Latest Posts
Should I have a PayPal business account?
How to Hide Your Address When Sending Money on PayPal (Answered) - Pile of pennies
Article information

Author: Kerri Lueilwitz

Last Updated:

Views: 5621

Rating: 4.7 / 5 (47 voted)

Reviews: 94% of readers found this page helpful

Author information

Name: Kerri Lueilwitz

Birthday: 1992-10-31

Address: Suite 878 3699 Chantelle Roads, Colebury, NC 68599

Phone: +6111989609516

Job: Chief Farming Manager

Hobby: Mycology, Stone skipping, Dowsing, Whittling, Taxidermy, Sand art, Roller skating

Introduction: My name is Kerri Lueilwitz, I am a courageous, gentle, quaint, thankful, outstanding, brave, vast person who loves writing and wants to share my knowledge and understanding with you.