InfoSec Advisory with Del Aden: Is your Wi-Fi secured?

0
Del Aden is a UK-based Enterprise Architect

Some users have reported that after updating to iOS 14, their device showed a message that said “Weak Security” underneath the name of their Wi-Fi network. What does this message mean, and what should you do to fix it? This article will explain why you are seeing this message, and how to make your home Wi-Fi more secure.

To start with, the meaning of the message is somewhat obvious: Your Wi-Fi security is weak. If your Apple device displays a privacy warning or warning about the weak security of a Wi-Fi network, that network could expose information about your device. As such we recommend connecting to Wi-Fi networks that meet or exceed the security standards outlined in this article.

What Your Wi-Fi Router Does



You might not think much about your router, but it’s probably the most important gadget in your home. It’s definitely the most important one connected to your network. Most Wi-Fi routers have several functions. First, they’re gateways that connect a cable modem to the internal network. They’re also wireless access points that provide connectivity for the Wi-Fi devices in your home. Most routers also include a handful of Ethernet ports, which make them a network hub or switch.

Security protocols for Wi-Fi.

WEP – Wired Equivalent Privacy is the oldest and the least secure Wi-Fi encryption method around since the 90s. It is not good. The encryption can be broken, and then any data you send can be read by a hacker.

WPA/WPA2 – Wi-Fi Protected Access, WPA, adds an additional layer of security to WEP, but was sort of a temporary fix until WPA2. WPA2 is a common security protocol being used on routers today. Although there are some vulnerabilities, it’s still pretty secure. WPA2 can be either TKIP or AES. You want AES as it is the newer, more secure of the two.

WPA3 – The latest security protocol, adds a much stronger encryption which significantly improves the security of your Wi-Fi.

Wi-Fi Router settings

To ensure that your devices can connect securely and reliably to your network, apply these settings consistently to each Wi-Fi router and access point, and to each band of a dual-band, tri-band or other multi-band router.

Set to WPA3 Personal for better security –  Set to WPA2/WPA3 Transitional for compatibility with older devices. The security setting defines the type of authentication and encryption used by your router, and the level of privacy protection for data transmitted over its network. Whichever setting you choose, always set a strong password for joining the network.

WPA3 Personal is the newest, most secure protocol currently available for Wi-Fi devices. It works with all devices that support Wi-Fi 6 (802.11ax), and some older devices too.  WPA2/WPA3 Transitional is a mixed mode that uses WPA3 Personal with devices that support that protocol, while allowing older devices to use WPA2 Personal (AES) instead. WPA2 Personal (AES) is appropriate when you can’t use one of the more secure modes. In that case, also choose AES as the encryption or cipher type, if available.

Weak security settings MUST be avoided: This includes WPA/WPA2 mixed modes, WPA Personal, WEP, including WEP Open, WEP Shared, WEP Transitional Security Network or Dynamic WEP (WEP with 802.1X), TKIP, including any security setting with TKIP in the name 

Don’t create or join networks that use older, deprecated security protocols. These are no longer secure, they reduce network reliability and performance, and they will cause your device to display a security warning 

Don’t use settings that turn off security: such as None, Open or Unsecured, are also strongly discouraged. Turning off security disables authentication and encryption and allows anyone to join your network, access its shared resources (including printers, computers and smart devices).

Use your Internet connection and monitor the websites you visit and other data that’s transmitted over your network or Internet connection. This is a risk even if security has been turned off temporarily or for a guest network

Network Name (SSID)

The name of your network or SSID is what you will see listed when you search for and connect to a wireless network. Use a unique name for your network. Don’t use the name that came with your router, such as Linksys or netgear. This will make sure you don’t accidentally connect to other networks with the same name as yours. Use the same name for your 2.4 GHz and 5GHz bands. Don’t hide your network name. Keep this feature disabled.

Other Router Settings 

  • MAC address Filtering, Authentication and Access Control – Disable this feature. It doesn’t do much to enhance your security and it can make it difficult to connect your devices.
  • Automatic Firmware Updates – You may want to enable automatic firmware updates to ensure that your router always has the latest updates.
  • Radio Mode – The options in this setting are Wi-Fi 2 – Wi-Fi 6 or 802.11a/g/n/ac/ax. You should usually open all of these to allow devices to connect via the fastest mode they support.
  • Bands – Open both bands; no reason not to. The 2.4 GHz band may have a better range whereas the 5 GHz will be faster when you are within its range.
  • Channel – Each of the 2.4 and 5 GHz bands will use a channel. If you have neighbors using, say, channel 6 for their 2.4 GHz band, you won’t want to use that one, due to interference. Interference can significantly affect your network’s performance. Usually setting the channel selection to Auto will work best. It allows your router to find the best band to use. If you happen to be using two or more routers for Wi-Fi, you may definitely see some performance degradation due to interference. In this case, you will probably want to manually set your routers to use different channels to make sure they don’t interfere with each other. If you suspect that your network’s performance is being affected by interference, or some other Wi-Fi signal issue, you can use a program like NetSpot to get a look at your and other nearby networks.

Worth Noting

Anytime you leave the default settings, you’re basically asking for trouble! For many routers, it’s not too difficult to find the manufacturer’s guide and immediately know what the defaults are. Additionally, tools like “Shodan” make it easy to find online every router of a particular brand. So, if you know what those default settings are, you can find those things pretty quickly and immediately attempt to hack.”

Thankfully, things are getting better. Many newer routers come with randomized passwords, rather than the same stock set of characters for all models that roll off the assembly line. In fact, a recent law—the California Consumer Privacy Act—mandates that all devices must be sold with unique passwords. Still, you should change the default password—and the more complex the password is, the better!

In conclusion

Clearly, password hygiene is critical to the security of your Wi-Fi network. Beyond that, though, there are additional steps you can take to ensure your network’s security. One way is to keep your router up to date. Some routers update their firmware automatically, but many do not. To do this, you have to open the router’s admin settings in a browser or mobile app and check for updates. Generally, router manufacturers don’t frequently issue updates, so when there is a release, it’s probably critical.

You should also disable router features that make your network more vulnerable. Chief among these is remote access. You don’t want anyone to be able to remotely access that thing. You want any access to be done from a machine connected to your local environment.

Some security experts have more robust recommendations. McGladrey suggests replacing your router every two or three years and evaluating IoT devices for security vulnerabilities before you purchase them.

Not all suggestions are practical for everyone. But if you keep the router’s firmware updated and occasionally (perhaps twice a year) change the passwords, this will probably be more than sufficient. And as long as your IoT devices have their own guest network to play in, you can consider yourself safe.

“If the Iranians or the Russians have decided to make you a target, that might not be sufficient,” Hatter said. “But it’s going to stop the average kind of hacking.” 

About the Author

Del Aden

Del Aden is a UK based InfoSec & Business Continuity Consultant, with main focus on helping organisations to implement Digital Transformation, defend their digital infrastructure and plan their Business Continuity Strategies. Del is also a Freelance writer, international Conference speaker and a Global trainer.

Contact: [email protected]WhatsApp:+44 7973 623 624  |  Web: www.delta3.co

Leave a Reply