To borrow a quote from "The Good, the Bad and the Ugly," "There are two kinds of spurs, my friend. Those that come in by the door; those that come in by the window." Those spurs that come in by the window probably don't belong there and mean no good. That's why you want to have a secure network — to limit the number of Wi-Fi "windows" in your house or business.
That's why one of our specialists in our Managed Network Services department has written this instructable to help you keep them bad spurs out, if you will.
Most of us have wireless routers in our homes. We take them out of the box, follow the simple setup and leave it at that. We might even do this at our small business, but doing so opens us up to network security issues. Let’s take a deeper dive into that security.
Types of Wi-Fi security
-WEP Wired Equivalent Privacy — Highly vulnerable and easily compromised (the FBI gave a demonstration in 2005 of cracking a WEP passkey in minutes. Imagine how fast we can do it now).
-WPA Wi-Fi Protected Access — Created by the Wi-Fi Alliance as a replacement for the weak WEP standard. Uses TKIP or AES encryption. TKIP was meant as an easy upgrade to WEP but unfortunately has some of the same weaknesses that can be exploited. If you use WPA, be sure you are using AES encryption.
-WPA2 Wi-Fi Protected Access II – Much the same as WPA but defaults to AES encryption; however, TKIP is still present as a fallback option.
Best setups for Wi-Fi Security:
Note: Your network should never be completely unsecured.
Let’s take a look at the Wi-Fi security in my UniFi AP that I use at home for wireless access. (Keep in mind, your router may differ.)
Log into your wireless router’s web interface (the address should be somewhere in your router documentation, probably a URL that looks something like https://192.168.x.x ).
Look around and find your wireless security options.
Here’s what mine looks like:
As you can see, I’m using WPA for security (the blue box), and my WPA mode (which lets me choose between WPA, WPA2 or Both) is set to Both to allow older devices that only support WPA to use my wireless. Also, in the orange box you can see my encryption is AES only.
On your Android device, grab an app called Wi-Fi Analyzer and open it up. It will scan all the wireless networks around you and tell you the channels they are running on.
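As an added example (not from the original post and not UniFi's own tooling), here is one way to check the same two settings, WPA mode and AES-only encryption, in a hostapd-style configuration file. The use of hostapd keys (`wpa`, `wpa_pairwise`, `rsn_pairwise`, `wep_*`) and both sample configs are assumptions made for illustration.

```python
# Added example: audit a hostapd-style config against the advice above
# (no WEP, never open, AES/CCMP only). Both samples are constructed.
WEAK_SAMPLE = "ssid=HomeNet\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"
HARDENED_SAMPLE = ("ssid=HomeNet\nwpa=3\nwpa_key_mgmt=WPA-PSK\n"
                   "wpa_pairwise=CCMP\nrsn_pairwise=CCMP\n")

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means the advice is followed."""
    conf = parse_conf(text)
    findings = []
    if any(key.startswith("wep_") for key in conf):
        findings.append("WEP keys configured: WEP is easily compromised")
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        return findings + ["wpa value is not a number"]
    if wpa == 0:
        return findings + ["no WPA/WPA2 enabled: network is open or WEP-only"]
    # wpa is a bitfield: 1 = WPA, 2 = WPA2, 3 = both (the "Both" mode above).
    checks = []
    if wpa & 1:
        checks.append(("WPA", "wpa_pairwise"))
    if wpa & 2:
        # WPA2 uses rsn_pairwise when present, otherwise the wpa_pairwise list.
        checks.append(("WPA2", "rsn_pairwise" if "rsn_pairwise" in conf else "wpa_pairwise"))
    for mode, key in checks:
        ciphers = conf.get(key, "").split()
        if not ciphers:
            findings.append(f"{mode}: no cipher pinned in {key}; set CCMP (AES)")
        elif "TKIP" in ciphers:
            findings.append(f"{mode}: TKIP allowed in {key}; use CCMP (AES) only")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit(sample) or "OK")
```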
As you can see, there are Wi-Fi networks running on channels 4 and 11, meaning if we are setting up a new Wi-Fi network, we would want to use channel 7 or 8 to cause the least amount of conflicts.
Again, here’s a screenshot of my Wi-Fi setup at home:
As you can see, if I wanted to broadcast on channel 7 or 8, I just need to click the drop down menu by channel and change the 11 to 7 or 8. It is very likely that you have a lot more networks broadcasting around you. Just try and overlap as few as possible using the Wi-Fi analyzer tool.
What's this HT20?
Now, let's talk about the HT20 in the picture above. That stands for a 20 MHz channel width — basically, how fast we can transfer something. 20 or 40 MHz is the standard for most routers (though some new AC routers support 60 MHz). The thing to remember about this is that the wider you set the channel, the easier it is for something to interfere with your network. Turn it up to 40, and if you experience any service degradation, lower it back to 20.
Thanks for reading and hopefully this provides you some help in fixing up your wi-fi.