Have you ever wondered how to make your wireless network more secure? Some people say that a large amount of information about Wi-Fi security can be found on the Internet, such as using WPA or WPA2, disabling SSID broadcast, and changing the default settings. However, this alone is not enough. We will share with you four advanced technologies that make wireless networks safer.
1. Switch to enterprise-level encryption
If you create a WPA or WPA2 encryption key and you must enter this key when connecting to a wireless network, you are using the WPA pre-shared key (PSK) mode. Enterprise-level networks, whether large or small, should be protected in enterprise mode, because this protection mode adds 802.1X/EAP authentication to the wireless connection process. Instead of entering an encryption key on all computers, you can log on with a user name and password. the encryption key is used securely in a hidden manner and is unique to each user and session. This method provides centralized management and better wireless network security.
In short, employees and other users log on to the network through their own accounts when using the enterprise model. When necessary, administrators can easily change or abolish access. This method is useful when an employee leaves or his or her laptop is stolen.
2. Verify physical security
Wireless security is not just a technical issue. You can have the most robust Wi-Fi encryption, but how can you prevent someone from connecting the cable to the exposed Ethernet port? Or when someone goes through an access point, they press the reset button to restore it to the factory settings to make your wireless network wide open. What should you do?
Therefore, make sure that your AP is far away from public access and do not allow employees to play with it at will. Do not put your access point on the table. At least you should put it on the wall or ceiling. It is best to put it above the ceiling. You can also consider installing the AP in a location that is not easy to see and installing an external antenna to obtain the strongest signal. In this way, the AP can be restricted to a greater extent. At the same time, two benefits can be obtained: one is to increase the coverage, and the other is to use a higher antenna.
3. install intrusion detection and intrusion defense systems
These two systems usually work with one software and use users' wireless network cards to sniff wireless signals and find problems. This system can detect fraudulent access points. Whether it is to access a new access point to the network, or an existing access point, it is set to the default value, or does not match the user-defined standard, IDS and IPS can be detected. This system can also analyze network data packets to see if someone is using hacker technology or performing interference.
There are many types of intrusion detection and defense systems, and these systems use different technologies. Here, I recommend two open-source or free systems, namely the famous Kidmet and Snort. Now there are a lot of tutorials on these two systems on the Internet. Try them. Of course, if you are willing to spend money, you can also consider AirMagnet, AirDefence, AirTight and other foreign companies' products.
4. Use SSL or Ipsec Encryption
Although you may be using the latest and most robust Wi-Fi encryption (on the second layer of the OSI model), consider implementing another encryption mechanism, for example, IPSec (on the layer 3 of the OSI model ). In this way, not only dual encryption can be provided on the wireless network, but also the security of wired communication can be ensured. This prevents employees or external staff from randomly inserting Ethernet ports into the device for eavesdropping.
Although most of the four technologies mentioned here are mature in wired networks, they have not been implemented in many wireless networks. To make wireless network access more secure, try it.