RADIUS | UWC Congress https://uwccongress.org Universal Wireless Communications News and Guides Wed, 05 Apr 2017 09:38:28 +0000 en-US hourly 1 Top Five Wi-Fi security mistakes https://uwccongress.org/top-five-wi-fi-security-mistakes/ Fri, 17 Feb 2017 08:54:29 +0000 https://uwccongress.org/?p=22 We are spoiled when it comes to mobility, wouldn’t you agree? Ten years ago, we were glued to our desks, and now we’ve got these powerful computers that are lightweight, portable and, most of all… connected!

We have gotten used to accessing the Internet via Wi-Fi connections, but this doesn’t mean that we shouldn’t take security into account. Believe it or not, most people make one or more of the mistakes listed below, compromising their network’s security. Be sure to avoid them, and you will be one step ahead of the bad guys, who may try to steal your data or simply connect to your Internet connection for free.

 

Mistake number one: using unencrypted Wi-Fi networks

By encrypting your Wi-Fi network, you prevent people from having access to your shared folders, printers, and other shared network resources. If a hacker can connect to your Wi-Fi network, he may be able to get access to some – or all! – of your passwords.

Some people use the outdated WEP encryption protocol, which isn’t secure at all. Always use personal mode and WPA2, if possible, or at least WPA. This doesn’t mean that your network is now bulletproof, but you can harden its security by choosing a strong passphrase. The Wi-Fi password can have up to 63 characters, so be sure to use them all, if possible. Mix letters (upper and lowercase), numbers and special characters to build your password.

 

Mistake number two: not using WPA2 enterprise security for businesses

The WPA2 protocol has two modes: personal (PSK) and enterprise. Businesses should use the enterprise mode, which requires a dedicated server to authenticate each Wi-Fi client. The server, called Remote Authentication Dial-In User Service – aka RADIUS – will assign each user his or her own digital certificate, which can be used to connect to the company’s Wi-Fi network.

This way, if one of the employees loses a device, it will be much faster and easier to revoke his or her account, rather than change the Wi-Fi password for all the connected devices.

 

Mistake number three: relying on MAC filtering

MAC filtering helps you set up a list of devices that are allowed to connect to the Wi-Fi network, based on their MAC addresses. It’s supposed to add an extra layer of security, but the sad reality is that MAC addresses can be easily spoofed.

A villain can easily find an authorized MAC address, copy it, and then connect to the desired Wi-Fi network without any trouble. In addition to this, MAC filtering reduces network performance, even though, to be fully honest, the speed decrease isn’t that significant.

 

Mistake number four: relying on hidden networks

Some people choose to hide their networks’ names. This way, the SSID is hidden, but it can still be discovered by making use of freely available tools.

Hidden SSIDs may sound like a good plan, but they will actually degrade network performance. The cause is simple: you will have to create wireless profiles (network name/password combinations) for all your devices, and this will generate and require additional network data packets.

 

Mistake number five: connecting to other people’s Wi-Fi networks

This can happen by accident, or intentionally. Some employees could connect to an unsecured network that belongs to another company, or even to a Wi-Fi hotspot which was set up by a hacker who wants to gather their passwords.

They may do it because the company network is down and they are looking for alternative hotspots, or maybe because their bosses have set up the company’s Wi-Fi network in a way that doesn’t allow them to access some sites – Facebook, for example.

No matter the cause, you should make sure that their devices can only connect to a list of preferred networks. Computers running the Windows operating system can enforce this security measure by making use of the netsh wlan command, for example.

 

]]>