BEST PRACTICES FOR WI-FI SECURITY
Wireless networks are very easy to install. If everything works as expected, you can have a complex Wi-Fi network fully set up and running in only a few hours. You don't have to install a lot of hardware, and you don't have to pull lots of cables from one room to the other. More than this, once that your access points are in place and powered on, due to DHCP, all the network clients can discover them and connect to the wireless network.
Unfortunately, this is also the moment when real trouble can start. Why? Because any other person who happens to be within the range of your access points can also try to connect to your Wi-Fi network. You may be tempted to think that only the company's employees will be able to do that, but nothing could be further away from truth.
Wardrivers are hackers who have set up regular laptops in ways that make it possible to pick up network data packets even when they are hundreds of feet away from your access points. It's easy to build a wardriving machine: buy a decent laptop, and then replace its Wi-Fi module with one that's got more power. Actually, people can get similar results by simply replacing the tiny, built-in wireless antennas with high-gain models that they've built on their own, and then connecting them to the motherboard using standard cables.
Sadly, some of the so-called "script kiddies" only do things like these for fun. They aren't necessarily interested in getting access to the company data, but they will often brag about the results of their work on hacker forums, outing the user/pass combinations that make it possible for others to access your Wi-Fi network.
Serious hackers, who actually know what they are doing, are quite rare. However, once that they start targeting your Wi-Fi, they will do their best to penetrate your network, and they won't stop until they get what they want. Some of them may also attack your company because they want to harm you; they may have been hired by one of your competitors, for example.
When it comes to Wi-Fi security, requirements change from one company to the other, depending on the data that needs to be protected, the people who will have access to the network, their privileges, and so on. However, there are several preventative measures that can be taken to secure any wireless network.
Begin by changing the default network name, also known as "SSID". Many manufacturers include their company names in the routers' default SSID. It may be a good marketing move, but this makes it much easier for hackers to search for known router vulnerabilities. Also, don't provoke hackers by using network names such as "can't touch this"; you want to use an inconspicuous SSID name, such as "John3".
Encrypt data communication by using the most up-to-date security protocols. WPA3 is the best solution out there, but the devices that utilize it are few and very expensive at the moment. However, if you want to set up an impenetrable Wi-Fi network, it is wise to invest more money into it by purchasing modern equipment.
Use a strong, different password for each network client; WPA Enterprise Mode allows you to do that easily. This means that even if a hacker manages to log into your network, you can simply revoke that particular login and keep the rest of the network safe.
Don't forget to disable remote access. Many routers allow their admins to get access to them from a distance, but you should never activate this setting.
Always keep the router and access points patched. Just like other pieces of hardware, your devices run using imperfect software. Their manufacturers release patches that can fix major vulnerabilities regularly, so be sure to update all the access points and clients on a weekly basis.
It goes without saying that all your network clients (devices) should be patched as well. Don't allow hackers to access your Wi-Fi network just because you haven't taken the time to update Windows to its latest version, for example.