Let’s start with the basics. When you first purchase a Wi-Fi router or access point it is important to set up the security properly.
One of your first steps should be to determine who needs access to your Wi-Fi and how will you secure it. Will you allow guests to utilize your Wi-Fi and will you allow employees to connect to your Wi-Fi? I always recommend setting up guest access for anyone that should not have access to your local network.
What should you name of your SSID? While there’s particularly nothing wrong with naming it something pertaining to you or your business you might consider a more generic name to prevent any targeted attacks based on what they know about you. I recommend not using the defaults that come in the system and you can randomly generate an SSID that you and your employees will know. Personally, my SSID is my domain website for additional marketing reasons. After you have determined what your SSID will be, you will want to set a hard to guess password. I often find people using something familiar or similar to their business which is not a good security practice. However, you can use something similar to your business with something random and include capitals, lowercase, numbers, special characters, all within a passphrase. The more characters it has the more secure it will be. However, this will be a challenge for special devices such as printers that may be hard to enter. If possible, I recommend your printers and similar devices be hardwired versus wireless but I know this isn’t always practical or cost effective. This is where the WPS feature will come in handy. The WPS feature allows you to press a button on your printer, and on your Wi-Fi router to establish a connection.
Although allowing guests and personally owned devices access through a guest network is beneficial to you, it may not always be the best secure way. If you can, I would recommend having a separate wireless router that is attached to the outside of your local network for security purposes. Setting up a guest network is easy, and you should always ensure that each device is isolated in its own network. Most wireless devices will have that setting on by default. Be sure that your guest network is also password-protected. This will prevent Unwanted and unnecessary access and bandwidth utilization.
Next you will want to be sure to change the default admin login for your router. If possible, I always recommend creating a new user instead of using the default admin username. The reason for changing the defaults is that most routers will have a label on the bottom with how to access the router. If someone gains physical access or wants to be malicious all they have to do is take username and password from the bottom and change settings on their own or access the main network that is less restricted.
Remember, if you do create a new admin user be sure to disable the default or change the password of the default. Again, make sure that the password is properly secured using capitals, lowercase, numbers, and special characters. The longer the password the harder it is to guess or crack.
Take the time to review the security section to ensure the firewall is turned on, intrusion prevention is setup, if possible, DOS attack prevention, and access controls. If it has the ability to block websites, you might consider certain websites to block such as social media sites email sites and other things that do not pertain to your business or personal life. While most like to set up the firewall to allow all traffic out and block most or all inbound traffic, you should strongly consider blocking outbound ports and services that you do not need. This will help ensure if a computer is compromised it cannot send data that it should not send outside your network.
For more advanced security you might consider restricting the number of devices that can connect to your network at one time. If you only have 15 devices you might consider restricting it to only allow 15 devices to connect or give a little buffer. However, this may create additional administrative trouble when trying to figure out why something can’t connect to your network as you grow.
You might also consider setting up a schedule to disable Wi-Fi when there is no reason for anything to connect to it after hours.
Once you have all your settings the way you want them, it is good practice to back up your configuration should you need to restore it to the way you had it in a working state for the future. If your wireless router does not have a method for backing up, you might take screenshots of your critical settings.
One other security measure is to consider changing your Wi-Fi access password regularly to prevent unwanted access. Especially, if a former employee had access to your main Wi-Fi. This is why most of your employees should only be allowed to use the guest Wi-Fi with their personal devices and if possible, do not share your corporate WiFi passwords with everyone.
For further information or assistance with setting up security on your WiFi routers, please contact us at 918-638-9949