Securing your WiFi network is more important than you think. Indeed, the WEP (Wired Equivalent Privacy) and even WPA (Wi-Fi Protected Access) protocols contain security vulnerabilities that make it relatively easy to hack into our connection.
We will see how to secure our Wi-Fi network in 5 points, after explaining why a wireless network needs to be secured.
Threats no matter where you are?
It is not possible to control the range of the wireless network, which most likely extends into your neighbourhood. And even if you know your neighbours well and think they won’t do you any harm, you should know that some people deliberately look for open or poorly secured Wi-Fi networks in order to connect to them and perform all kinds of malicious actions.
Examples include intercepting data transmitted in clear text, or hacking (of accounts, systems or even films) carried out through your access point, for which you will be held responsible. These practices are called wardriving and warchalking. The first consists of searching for open or poorly secured wireless networks with a smartphone or laptop computer, and the second consists of marking symbols in the street to signal open Wi-Fi networks.
Is WEP really that fallible?
The WEP protocol uses the RC4 symmetric key encryption algorithm and a checksum to ensure the confidentiality and integrity of exchanges between machines. The problem is that this key is static and therefore shared between all the machines connected to the same box. This makes it possible to find it by simply communicating with the network.
As early as 2001, researchers discovered that the first bytes of the stream used for encryption are not random and that by observing a large number of encrypted messages one could actually find the key…in a few minutes!
So WPA is better?
To address WEP’s weaknesses, IEEE has developed another wireless network security protocol called WPA.
The WPA protocol provides better data encryption than the WEP protocol because it uses dynamic TKIP (Temporal Key Integrity Protocol) keys. Thus, WPA allows the use of one key per machine connected to a wireless network.
WPA keys are therefore automatically generated by the wireless access point.
The TKIP protocol improves security compared to WEP because:
- It doubles the size of the initialization vector (random bits added to the data). The programs that make it easy to determine the WEP key rely on a list of these initialization vectors to carry out the attack.
- WPA also doubles the message integrity code from 4 to 8 bytes.
- Encryption keys are generated periodically and automatically for each client.
The Wi-Fi Alliance (the association that owns the Wi-Fi brand) then created a new certification called WPA2 for devices that support the 802.11i standard. WPA2 is based on WPA; it supports AES encryption instead of RC4 and offers new features such as “Key Caching” and “Pre-Authentication”.
To summarize, compared to WPA, WPA-2 offers:
- More efficient security and mobility through client authentication regardless of where the client is located.
- Strong integrity and confidentiality guaranteed by a dynamic key distribution mechanism.
- Flexibility through fast and secure re-authentication.
WPA3 is the logical evolution of WPA-2. It brings some new features but remains based on the same global operating mode.
How to secure your Wi-Fi network?
Here are the 5 points for securing your Wi-Fi, which I will detail afterwards:
- Encrypt your Wi-Fi network
- Change the default password of the box
- Update your box
- Do MAC filtering
- Change the network name
Encrypt your Wi-Fi network
We have seen that with a Wi-Fi network, any data sent or received can be intercepted by anyone with the necessary tools. Network sniffers are used to read the plaintext content of messages in transit. These messages may contain passwords and other confidential information.
Encryption makes this data unreadable even if it is intercepted. To do this, it is necessary to use the WPA2 protocol and, above all, not the WEP protocol.
Change the default password of the box
If you need to give a username and password to enter the control panel (at Free you must first log in via your subscriber account), make sure you have chosen a complicated password and especially not the default one. It is possible that some ISPs send the default password by email or post.
It is a password that must then be changed like any default password. Some access credentials for modem administration are sometimes extremely obvious and known to everyone. Indeed, some sites list the default IDs of most suppliers.
The password security policy then applies, i.e. a complicated and long password, which should not be saved in the browser.
Update your router
Access providers may provide software updates. These are updates that may be related to modem security. They are therefore to be taken seriously and done as soon as possible. For recent modems, updates should also be automatic.
Change the name of the Wi-Fi network
Although this has very little impact on the security of the Wi-Fi network itself, changing the default network name (SSID) is a way to let potential hackers know that you take your security seriously. An attacker is less likely to target someone who seems to know something about security than someone who looks like a beginner with a default network name.
This is also done via your administration panel.
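As an added example (not part of the original article), the following Python script checks a scan that includes your own access point against two of the points above: encryption and network name. The sample scan is constructed, in the shape of the terse output of `nmcli -t -f SSID,SECURITY device wifi list`; the list of default-name prefixes and the function names are illustrative assumptions.

```python
# Constructed sample scan. In nmcli terse mode, fields are separated by ':'
# and a literal ':' or '\' inside a value is escaped with a backslash.
SAMPLE_SCAN = r"""Freebox-4A2B1C:WPA2
OldPrinterAP:WEP
CoffeeShop:
Home\:5GHz:WPA2 WPA3
Livebox-77F0:WPA1 WPA2
"""

# Illustrative default-name prefixes (assumed list, extend it for your ISP).
DEFAULT_SSID_PREFIXES = ("Freebox-", "Livebox-", "NETGEAR", "TP-Link_", "linksys")

def split_terse(line):
    """Split one terse line on unescaped ':' and drop the escape characters."""
    fields, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def audit(scan_text):
    """Return {ssid: [issues]} for every network that fails a check."""
    findings = {}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        fields = split_terse(line) + [""]      # tolerate a missing SECURITY field
        ssid, security = fields[0], fields[1]
        modes = set(security.split()) - {"--"}  # "--" means none in tabular mode
        issues = []
        if not modes:
            issues.append("open network: traffic is sent in clear text")
        if "WEP" in modes:
            issues.append("WEP in use: switch to WPA2")
        if "WPA1" in modes:
            issues.append("WPA still accepted: configure WPA2 only")
        if ssid.startswith(DEFAULT_SSID_PREFIXES):
            issues.append("default-looking SSID: rename the network")
        if issues:
            findings[ssid] = issues
    return findings

if __name__ == "__main__":
    for ssid, issues in audit(SAMPLE_SCAN).items():
        print(f"{ssid}: " + "; ".join(issues))
```

To check a real scan, pass the text printed by the nmcli command above to `audit()` instead of `SAMPLE_SCAN`.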