Security 101 08-12-2014

Easy Quick Start Guide to Build Strong WiFi Security

Flavio Martins

Hackers today typically seek for the weakest link in a network before coming up with their plan of attack. This is especially true when it comes to WiFi security.

Normally, the easiest vulnerability to exploit in a WiFi network is human error. A number of news articles have recently focused on secret “backdoors” previously configured in WiFi devices that allow attackers to take advantage of systems; however, most WiFi security incidents happen because of failure to follow security best practices.

A study of IT professionals and remote IT workers found that 30% of enterprise admins and nearly 50% of remote IT workers never changed the default password for the administrative account on their home router. Even the most complex system passwords never stand a chance when the network they’re transmitted on is compromised by bad actors.

Breaking down WiFi security and turning routers into weapons for enterprise attacks is a new frontier in information security, but it's happening fast. In a recent incident, 300,000 routers were hacked and turned into a bot net setup to reach unsecured data being transmitted between computers connected to the WiFi access point. With the rise of BYOD, telecommuting, and working remotely, better WiFi security is more critical than ever.

4 Simple Steps to Build Strong WiFi Security

Setting up strong WiFi networks is key to ensure that work can still take place anywhere and at anytime, and that information always remain safe. These four simple tips will help create a strong foundation for proper WiFi security at home and at work.

    1. Change the Default WiFi Administrator Username and Password

      The most basic step in strong WiFi is to always change the default administrative username for any WiFi router. In my early information security courses we would set up labs to test WiFi security and the first thing we’d try was the typical username “admin” and password “password” in order to access the control panel for a WiFi router.

      Most routers today don’t require a hard wired, physical connection in order to log into the administrative interface for the router. Not changing the preconfigured settings is inviting hackers inside your network and handing over the keys to your data.

    2. Encrypt WiFi Router Administration Pages

      One of the most disturbing practices I’ve seen with router security is unsecured administrative login pages. Adding a WiFi certificate to your administration login page is critical to ensuring that admin credentials don’t fall into the wrong hands.

      Although some routers come with a pre-issued self-signed untrusted certificate, those are easy to duplicate and are a threat vector for man-in-the-middle attacks by hackers. Using an SSL Certificate from a trusted Certificate Authority for WiFi routers is the only way to ensure that your connection isn’t being intercepted by a third party and being used for malicious purposes.

      Though instructions for installing SSL Certificates for WiFi routers aren’t always included with router quick start guides, administrators can find specific instructions for installing Certificates for WiFi on their hardware provider’s support site. Wifi certificates on admin pages are critical to securing remote management of Wifi devices.

    3. Update WiFi Router Firmware Frequently

      I recently purchased a high-end WiFi router for a family member and when I first turned it on I noticed that the default firmware shipped with the router was very outdated and automatic updates were turned off by default.

      A recent survey showed that up to 80% of top-selling routers ship with severe security vulnerabilities. Assuming that a router is up-to-date gives bad actors an opportunity to wreak havoc on your network.

      If possible, look for alternate firmware to install on your router to enhanced WiFi security. But if that’s technically impractical or too time consuming, simply keeping your router firmware up-to-date will ensure that known vulnerabilities are patched.

    4. Trust in Encryption. WiFi Encryption Works.

      The right way to build WiFi security is to build it on already tried and true principles of security. This means building secure WiFi on a foundation of encryption with protocols designed specifically for WiFi security. There’s no excuse to continue using WEP. It’s outdated and if your device can’t support the field-tested and secured WPA2, it’s time to get a new WiFi device.

      Enterprise WiFi networks must use certificates for security, especially as a basis for access control. WPA2 continues to be proven as a detractor to WiFi hackers. If you’re using it, bad actors are more apt to trying someone else that is easier to hack.

Make WiFi Security a Priority

The increase in work being done on the go and remotely from home means an increase in the number of threat vectors to data security.

"As embedded systems begin to proliferate in both corporate and consumer networks, greater attention needs to be given to what vulnerabilities these devices introduce... Security for these devices is typically a secondary concern to cost and usability and has traditionally been overlooked by both manufacturers and consumers.” -Team Cymru Researchers

With increases in the effectiveness of enterprise security policies and a greater emphasis on proper password creation and protection, hackers can still bypass individual security best practices by taking advantage of improperly configured WiFi security settings and use the data on your network for malicious purposes.

Ensuring that WiFi networks are properly secured doesn’t always require a full time administrator or expensive hardware or monitoring software. Strong WiFi security is built on doing the simple things that are proven to keep users and data safe at home and at work.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories


Pioneering the next wave of secure digital solutions 


4 best practices for bulk email senders



Driving digital trust with SOC 2-compliant DNS