Skip Links

5 Wi-Fi security myths you must abandon now

Save yourself and your friends from these outdated or inaccurate security techniques, and learn the current best practices.

By Eric Geier, PC World
October 07, 2013 10:37 AM ET

PC World - Wi-Fi has evolved over the years, and so have the techniques for securing your wireless network. An Internet search could unearth information that's outdated and no longer secure or relevant, or that's simply a myth.

[ALSO: Debunking four mobile security myths]

We'll separate the signal from the noise and show you the most current and effective means of securing your Wi-Fi network.

Myth No. 1: Don't broadcast your SSID

Every wireless router (or wireless access point) has a network name assigned to it. The technical term is a Service Set Identifier (SSID). By default, a router will broadcast its SSID in beacons, so all users within its range can see the network on their PC or other device.

Preventing your router from broadcasting this information, and thereby rendering it somewhat invisible to people you don't want on your network, might sound like a good idea. But some devices--including PCs running Windows 7 or later--will still see every network that exists, even if it can't identify each one by name, and unmasking a hidden SSID is a relatively trivial task. In fact, attempting to hide an SSID in this way might pique the interest of nearby Wi-Fi hackers, by suggesting to them that your network may contain sensitive data.

You can prevent your router from including its SSID in its beacon, but you can't stop it from including that information in its data packets, its association/reassociation requests, and its probe requests/responses. A wireless network analyzer like Kismet or CommView for WiFi, can snatch an SSID out of the airwaves in no time.

Disabling SSID broadcasting will hide your network name from the average Joe, but it's no roadblock for anyone intent on hacking into your network, be they an experienced blackhat or a neighborhood kid just goofing around.

Myth No. 2: Enable MAC address filtering

A unique Media Access Control (MAC) address identifies every device on your network. A MAC address is an alphanumeric string separated by colons, like this: 00:02:D1:1A:2D:12. Networked devices use this address as identification when they send and receive data over the network. A tech myth asserts that you can safeguard your network and prevent unwanted devices from joining it by configuring your router to allow only devices that have specific MAC addresses.

Setting up such configuration instructions is an easy, though tedious, process: You determine the MAC address of every device you want to allow on your network, and then you fill out a table in the router's user interface. No device with a MAC address not on that table will be able to join your network, even if it knows your wireless network password.

But you needn't bother with that operation. A hacker using a wireless network analyzer will be able to see the MAC addresses of every computer you've allowed on your network, and can change his or her computer's MAC address to match one that's in that table you painstakingly created. The only thing you'll have accomplished by following this procedure is to waste some time--unless you think that having a complete list of the MAC addresses of your network clients would be useful for some other purpose.

Originally published on www.pcworld.com. Click here to read the original story.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News