Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

5 Wi-Fi security myths you must abandon now

Eric Geier | Oct. 8, 2013
Save yourself and your friends from these outdated or inaccurate security techniques, and learn the current best practices.


Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that's outdated and no longer secure or relevant, or that's simply a myth.

We'll separate the signal from the noise and show you the most current and effective means of securing your Wi-Fi network.

Myth No. 1: Don't broadcast your SSID
Every wireless router (or wireless access point) has a network name assigned to it. The technical term is a Service Set Identifier (SSID). By default, a router will broadcast its SSID in beacons, so all users within its range can see the network on their PC or other device.

Preventing your router from broadcasting this information, and thereby rendering it somewhat invisible to people you don't want on your network, might sound like a good idea. But some devices—including PCs running Windows 7 or later—will still see every network that exists, even if it can't identify each one by name, and unmasking a hidden SSID is a relatively trivial task. In fact, attempting to hide an SSID in this way might pique the interest of nearby Wi-Fi hackers, by suggesting to them that your network may contain sensitive data.

You can prevent your router from including its SSID in its beacon, but you can't stop it from including that information in its data packets, its association/reassociation requests, and its probe requests/responses. A wireless network analyzer like Kismet or CommView for WiFi, can snatch an SSID out of the airwaves in no time.

Disabling SSID broadcasting will hide your network name from the average Joe, but it's no roadblock for anyone intent on hacking into your network, be they an experienced blackhat or a neighborhood kid just goofing around.

Myth No. 2: Enable MAC address filtering
A unique Media Access Control (MAC) address identifies every device on your network. A MAC address is an alphanumeric string separated by colons, like this: 00:02:D1:1A:2D:12. Networked devices use this address as identification when they send and receive data over the network. A tech myth asserts that you can safeguard your network and prevent unwanted devices from joining it by configuring your router to allow only devices that have specific MAC addresses.

Setting up such configuration instructions is an easy, though tedious, process: You determine the MAC address of every device you want to allow on your network, and then you fill out a table in the router's user interface. No device with a MAC address not on that table will be able to join your network, even if it knows your wireless network password.


1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.