Converting your office LAN into a wireless network can ensure the ease of networking by avoiding the coils of Ethernet cables. When I started my networking career, it was the confusing cables that welcomed me and my team in every office and it took time to understand which cable goes to which device since most of the Ethernet cables were not properly arranged. With the popularity of wireless network by the introduction of 802.11 ac and 802.11n, we do not need Ethernet cables to transfer data fast between devices in an office because both these wireless standards offer high data transfer speed. Though wireless makes an office looks smart, it has some security issues. It is true wireless networks are more prone to hacking compared to a wired network.
A sophisticated hacker can easily intrude into a wireless network compared to a wired network. It is because wireless offers a possibility to connect to the network if one user is in its range wherein Ethernet LAN, there is no such an option. However, we can prevent any unauthorized access to a wireless network by following a set of precautions like enabling proper wireless encryption, allow guests to access just guest accounts, MAC Address filtering etc.
Avoid Risks On Wireless Networks
A sophisticated hacker can easily intrude into a wireless network compared to a wired network. It is because wireless offers a possibility to connect to the network if one user is in its range wherein Ethernet LAN, there is no such an option. However, we can prevent any unauthorized access to a wireless network by following a set of precautions like enabling proper wireless encryption, allow guests to access just guest accounts, MAC Address filtering etc.
How to Secure A Wireless Network From Hackers
- Configure Best Wireless Encryption
One of the most important steps to keep intruders from your wireless network is to enable proper wireless encryption. There are wireless encryption protocols like WEP, WPA, and WPA2. Currently, the industry's best wireless encryption is WPA2. So it is recommended to use WPA2 for your wireless network. To read more about choosing the right wireless encryption for your wireless network, read the Cisco guide.
http://blogs.cisco.com/smallbusiness/understanding-the-difference-between-wireless-encryption-protocols/
- Limit the Wireless Network Range
In most of the modern wireless routers and Access Points, we have an option to set the range of the wireless network. It is wise to limit the wireless range of your network just in the boundary of your office. So anyone outside the office cannot join your wireless network even if he managed to break your wireless encryption. So your wireless network is safe from intruders.
- Enable MAC Address Filtering
With MAC Address filtering you can provide another layer of security to your office wireless LAN. You can set which all devices can join office wireless network by specifying the MAC Address of the devices. Since MAC Address is a physical address, no other device will have the same address. However, you must understand by MAC Address spoofing a talented hacker can break this wireless security. However, this step can prevent a hacker device from joining the wireless network until he identifies the barrier.
Wireless Network Keep Connecting & Disconnecting
- Stop Wireless Network Name (SSID) Broadcast
Though it is useless against a skilled attacker, by hiding SSID broadcast, you can make your wireless network invisible to common users. Your wireless network remains hidden and computers will not detect your wireless network by normal scanning for available wireless networks.
- Enable Guest Wireless Account
Create a guest account on your wireless router and let the guests and ordinary users in your office join that network only.
- Set a Custom Router Password
Though this step is not directly protecting your wireless network against hackers, it will protect the router from users in your office to access the router setup page and change wireless settings. It is always advised to change default router password after configuring it.
Other Wireless Security Articles
- How to Start WLAN Autoconfig On Windows 8 Computer
- How to Configure D-Link Wireless Access Point
- How to Setup Wireless & Security On Teracom Modem For BSNL
- How to Configure Linksys Range Expander RE1000 & WRE54G
Thank you Mr. George for this wonderful guide. I always Go with WPA2 enterprise encryption with RADIUS server. It is industry's best wireless security right now.
ReplyDeleteThanks for your comment Sandeep
ReplyDeleteHi, I was said to have rom 0 vulnerability in my tdslw2type2 teracom router. I have made all tough set up , and still avast scan reveal that it is having rom 0 vulnerability. Can we block the rom O file from any body accessing thro router. There is no firmware update
ReplyDeletei have disabled remote access, enabled SIP, disabled upnp, and changed the admin pw. Still i could not stop this problem your idea pl
@Raj,
ReplyDeleteYou seems have done almost every thing to prevent the rom 0 vulnerability. Only thing you can now expect is to have a firmware update from router manufacturer. May be the following link can give you more ideas but I believe you might have seen this link before.
https://discuss.howtogeek.com/t/what-is-rom-0-vulnerability-how-to-overcome-this-in-router-setting/41608
http://www.corenetworkz.com/2016/02/precautions-for-rom-0-router.html
Hi, Thanks alex.
ReplyDeleteMy router manufacturer site has an update, but there is nothing in the page 404 error.
I have seen your and HTG article. In fact, i have raised the thread there in the HTG link.
Yes of course, my dns server access point was changed by remote, preventing my internet access. I checked the gateway and then changed back to my preference to get my internet access.
Rom 0 is a configuring file, that one makes when changing the router pages, including bb pw and wifi.
What i want to know, is it flaw in net work, local area connection settings that need to be checked. Wifi limits your access to only two or three houses
Grc.com check finds, that all ports , common are stealthy. Does that not means they are closed . The gateway access point , i mention above was 169.254.90.67. I do not know which is accessing my pc to be made the internet access not available to me. Please answer
@Raj,
ReplyDeleteI can recommend you add a network firewall if you are not in a limited budget other wise you must contact your router manufacturer technical support and ask them the recommended solution from their part since the update page shows 404 error.
I suggest you to install Avast and use the ''Home Network Security scanner' feature to test whether your device is still vulnerable.
If all the work-arounds fail, you will have only one option, change device. Latest models in the market seems free from Rom 0 vulnerability.
Hi, I have changed the modem to dlink. Now i do not have rom 0 vulnerability, but instead shows weak password.
ReplyDeleteSo, alex, it means that those who have older model will have to throw the device to switch to new device.
could not some provide a kind of lock of rom 0 file. I heard that when you just type your access point along with the word rom o, then it gives the option of saving your configure file. what a security lapse.
I also think that avast is doing a kind of aggressive scan and come with some kind of vulnerability or may be all the findings of avast are false positive. Thanks any how for the suggestions.
It might be possible that Avast shows false alerts. If we are regularly updating the router firmware, we do not need to worry much about known bugs.
ReplyDelete