Cyber Security Center

How to stay safe when connected to Wi-Fi


Find out how to safely use public WiFi and configure your private WiFi settings to avoid hacker attacks.

 

Screenshot (58)

In today’s modern society, Internet is accessible wherever you are, whether you are home, on a trip, in a cafe, etc. Most airports, hotels, cafes, restaurants and even buses offer free WiFi. However, with the convenience of being able to connect to the internet wherever you are comes the risk of being hacked more easily. Publicly accessible WiFi is very useful but precisely because it’s accessible for everyone that it is dangerous. There’s also the risk of someone accessing your private network because of incorrectly configured WiFi. Overall, there is risk associated with WiFi, but you can minimize it.

How to secure your wireless network

Recommendations for protecting your wireless network

Despite all the WiFi advantages, it’s not perfect. Incorrect WiFi configurations or superficial maintenance could allow hackers to unnoticeably infiltrate the network and spy on users, access files, steal info, etc. Oftentimes, when hackers infiltrate the network, they target confidential information related to finances.

The three major threats associated with unsafe wireless network configuration are:

  • Receiving network data. Hackers can see what you do on the Internet, read your emails, steal your passwords, etc.
  • Unauthorized use of network resources. Third-parties may use your network to perform hacking, distribute prohibited content or malicious software, write offensive comments in the web space, and more.
  • Network disruption. Hackers can change your router settings and not allow you to use the Internet.

 

Here are some recommendations for securing your wireless network. Perhaps not all of these security recommendations can be properly implemented, but at least some of them may significantly improve protection. Experience shows that an intruder is primarily looking for opportunities to break into a completely unprotected network.

 

  • Change your primary password

 

All wireless routers have a remote control and configuration feature that allows you to change your router and wireless network settings. By default, the administrator interface can be accessed without a password using the standard manufacturer password (provided in the manual) or using a unique password set by the manufacturer.

In all cases, you must change the password, as a potential intruder may know the most commonly used original manufacturer passwords or may know their algorithm for password generating. If you’ve already changed your device password, make sure it meets the strong password requirements.

  • Use network encryption

 

The key to ensuring wireless network security is activating the encryption feature. If encryption is not enabled, your network can be accessed by anyone. Devices for home users include three encryption methods: WPA2, WPA and WEP. It’s recommended to use WPA2 encryption, as it is currently considered the most reliable.

Although WPA2 uses a secure encryption mechanism, it is necessary to choose a secure password as network security depends on it. If a hacker can guess a password, he/she will be able to connect to the network. Since this password is remembered when connecting to a network on your computer, it is recommended that your password is at least 33 characters.

  • Change original network name (SSID)

 

One of the recommended steps to protect your wireless network is to change the default network name or SSID (Service Set Identifier). Many manufacturers use the standard SSID (such as wifi, default, etc.), which can in some cases facilitate the process of choosing a network password. Additionally, default SSID is often a sign of a badly configured network, which increases the likelihood of hackers trying to infiltrate such a network. The SSID should be abstract and should not reveal personal data or access point.

  • Use MAC filtering

 

Like any network device, a wireless networking device has its own unique MAC (Media Access Control) address. In a wireless network access device, create a fixed list of MAC addresses that you can use to connect to the network.

However, the MAC address of the network device can be changed. As a result, intruders can monitor the wireless network and determine which of the addresses are actually used on the network, simulate foreign MAC addresses in their hardware and thus connect to the network. Therefore, the MAC filtering method does not guarantee full security.

  • Disable router administration from the Internet and the wireless network

 

To minimize potential risks, it is recommended that you disable access to the administrative router interface from the Internet and the wireless network itself. As a result, configurations will be modifiable only when connected through the router’s wired part.

  • Regularly update your router software

 

Equipment manufacturers periodically release software fixes for their products. The fixes not only add to the features of the hardware, but also fix known vulnerabilities that hackers could use.

How to safely use public WiFi

Recommendations for using public WiFi safely

Free WiFi is available in most public places, and connecting to it is convenient and simple. However, such public networks are regarded as “open”. In order words, a password is not necessary to access them, and they can be used by anyone who wants to.

Public WiFi threats:

  • A wireless network signal travels in a certain radius, so anyone in the range can accept it;
  • Data transmitted on the network is not encrypted. In other words, anyone who can receive a signal can also see the content of the data being transmitted if the network user does not use additional means of traffic encryption;
  • Even if the data is encrypted additionally, the hacker retains the ability to execute man-in-the-middle attacks against network clients by intervening between the client and the server;
  • Some open access points can be created to spy on users, steal passwords, redirect users to malicious software distributing web pages, etc.

 

Recommendations

  • Assess the risk before you connect

 

From a security point of view, random open wireless networks pose an increased risk to data security. If you are going to use such a network, assess the risk. For example, if you are going to check your email and the email client does not use encrypted connection, you would be risking exposing not only the email password, but also the email contents. If you intend to make a bank transfer, keep in mind that a hacker may direct you to a fake bank site.

  • Clear the open wireless networks list

 

Once connected to a wireless network access point, the computer system may attempt to detect it in the future, thereby increasing the likelihood of certain risks. It is recommended to clear the list of networks every time you use public WiFi.

  • Use a firewall

 

A properly configured firewall will decrease the likelihood of successful hacking attacks.

  • Use secure data transfer protocols

 

This tip is not just for wireless network users. Where possible, secure data transfer protocols should be used. If you are using a company computer or enterprise network services, contact your system administrator to inquire about the possibility of using secure VPN to access to your internal business network.