Click on the above“Do you know how ducks get on the shelf?” to follow us
Wi-Fi networks have become very popular, and many so-called tricks or methods that seem to ensure wireless network security have emerged. A quick search online reveals many outdated and fundamentally insecure so-called rumors or myths.
We will debunk these so-called security methods and show you what the latest and most effective best practices for protecting wireless network security are.
Myth 1: Not Broadcasting SSID
Every wireless router has a uniquely designated network name, known as the SSID. By default, every SSID is broadcasted, allowing all users within the coverage area of the router to see this SSID.
Setting to disable SSID broadcasting to make some people unable to see you sounds like a good idea. However, this is not the case. On PCs with Windows 7 and above, your wireless network can still be detected even if it cannot be identified by name. Therefore, using this method to hide your SSID is foolish; it will only attract the attention of nearby hackers who might think your network contains sensitive data. No matter how you hide it, some wireless network analysis programs like Kismet or CommView can effortlessly capture your SSID from the air. This method does not deter seasoned hackers or even the neighbor’s mischievous kids.
Myth 2: Filtering MAC Addresses
The unique MAC address can identify every device on the network. There is a technical myth that says if you configure the router to only allow devices with specified MAC addresses to connect, you can protect your network from intruders.
The process of setting this up is simple yet tedious, requiring you to fill out a MAC address table in the router’s backend. Only devices listed in this table can connect. It is said that devices not included in the table cannot connect even if they know your wireless network password.
However, hackers can use wireless network analysis programs to see the list of allowed MAC devices, and they can modify their MAC address to impersonate an allowed device. Therefore, MAC address filtering is a complete waste of time. It can only prevent gentlemen but cannot stop rogues.
Myth 3: Limiting the Router’s IP Address Pool
Each device on the network can also be identified by a unique IP address. Unlike MAC addresses, routers generally use DHCP (Dynamic Host Configuration Protocol) servers to assign a unique IP address to each device connected to the network. A widely circulated myth in the industry is that by limiting the router’s assigned IP address pool (for example, from 192.168.1.1 to 192.168.1.10), you can control the number of devices connected to the network. This is pure nonsense.
Myth 4: Disabling the Router’s DHCP Server
This myth suggests that if you disable the router’s DHCP server and manually assign IP addresses, your wireless network will be secure. This situation is similar to MAC address filtering, as it also requires creating an address table; any device not assigned an address cannot access the network.
The flaw is the same; once a hacker has infiltrated, they can perform an IP scan to determine all the IP addresses used by your network. The hacker can then manually assign a usable address to their device.
Myth 5: Small Networks Are Hard to Penetrate
This myth believes that reducing the transmission power of the wireless router will make it difficult for someone outside your home to access your wireless network because the lower power means they cannot detect it. This is arguably the most foolish myth. Anyone determined to crack your wireless network will use a more powerful antenna to detect your router’s signal. Reducing the router’s transmission power only shrinks the signal’s coverage and usability.
No Myth Version: Encryption is the Best Security
So, what is the best method to ensure wireless network security? Only encryption. Encryption scrambles the data being transmitted over the network, making it unreadable in its usual meaningful form. Although the data can still be captured by hackers, unless they know your login password or have intercepted your key, they cannot read the data.
In recent years, several encryption methods have emerged. In the early days of Wi-Fi, WEP (Wired Equivalent Privacy) provided the best security. However, today, WEP encryption can be cracked in minutes. Therefore, newer encryption methods must be adopted.
Then came WPA (Wi-Fi Protected Access), but this security protocol also had issues and has since been replaced by WPA2. WPA2 has been around for about ten years.
WPA and WPA2 each have two different modes: Personal Mode (also called PSK, or Pre-Shared Key) and Enterprise Mode (also called RADIUS, or Remote Authentication Dial-In User Service). Personal Mode is used for home networks and is easy to set up. As long as the network password is strong (for example, a combination of 13 digits or letters, like this: h&5U2v$(q7F4*), your network will be absolutely secure.
General routers also have a button-operated security feature called WPS (Wi-Fi Protected Setup). By pressing a button on both the router and the client device (if the client device supports WPS), you can connect to the WPA2 encrypted wireless network. However, a vulnerability in WPS makes it easy to be attacked by brute force methods. Therefore, if you are particularly concerned about security, you should consider turning off the WPS feature on your router.
Enterprise Mode of WPA2 is aimed at businesses and institutions. The level of security provided is much higher than WPA but requires a RADIUS server or a hosted RADIUS service.
Now you know what the best method to ensure wireless network security is. So take a few minutes to properly configure your router. (Translated by Bobo)

Want to know more
Quickly scan the code to follow