Small Wireless Network Security | CompTIA Tech+ FC0-U71 | 6.5

In this post, we’re going to walk through how to configure security settings for a small wireless network.  For the CompTIA Tech+ exam, understanding how to secure a wireless network is essential.  By the end of this video, you’ll know how to configure key settings like changing the service set identifier (SSID), changing the default password, and understanding the difference between encrypted and unencrypted networks, including open networks, pre-shared key (PSK) networks, and the different wireless security standards such as WPA, WPA2, and WPA3.

Changing the SSID

One of the first things you should do when configuring a wireless network is to change the SSID.

What is an SSID?

  • The Service Set Identifier (SSID) is simply the name of your wireless network.  It’s what users see when they search for available WiFi networks on their devices.  The SSID is used to differentiate your network from others in the area.

Why Change the SSID?

  • By default, most wireless routers come with a standard SSID like “Netgear” or “Linksys”.  Keeping the default SSID is a security risk because attackers can easily identify the brand of router you’re using, which may give them information about possible vulnerabilities.
  • Changing the SSID adds a layer of obscurity.  While it won’t stop a determined hacker, it prevents your network from being an easy target.

How to Change the SSID

  • Log into your router’s web-based configuration page.  This is usually done by typing the router’s IP address (like 192.168.1.1) into a web browser.
  • Enter the admin credentials.  These are often found on the router itself or in the user manual.
  • Navigate to the Wireless Settings section, where you’ll see the option to change the SSID.
  • Choose a unique SSID that doesn’t give away personal information or the router’s make/model.
  • Save your settings & reconnect devices using the new network name.

By changing the SSID, you reduce your network’s visibility to potential attackers.

Changing the Default Password

Another critical step in securing your wireless network is to change the default password.

Why is Changing the Default Password Important?

  • Most routers come with a default admin username and password like “admin/admin” or “admin/password”.  These default credentials are widely known and often listed in online databases, making it easy for attackers to gain access.
  • Once an attacker has access to your router’s admin page, they can change your settings, monitor network traffic, and even lock you out of your own network.

How to Change the Default Password.

  • After logging into your router’s admin page, find the Administration or Security Settings section.
  • Change both the admin username and password to something more secure.
  • A strong password should include a mix of uppercase and lowercase letters, numbers, and special characters, and it should be at least 12 characters long.
  • Save your settings.

Changing the default password ensures that your router’s configuration settings are protected against unauthorized access.

Encrypted vs. Unencrypted Networks

Next, let’s discuss the difference between encrypted and unencrypted networks.

Unencrypted (Open) Networks

  • An open network does not require a password to connect.  Anyone within range can connect to your WiFi.
  • While open networks are convenient, they are insecure because the data transmitted between the user’s device and the router is not encrypted.  This means that anyone within range can potentially intercept and view your data, including sensitive information like passwords and personal details.

Encrypted Networks

  • Encrypted networks require a password, and data transmitted over the network is protected using encryption protocols, which scramble the data so that it cannot be easily read by attackers.
  • There are several types of encryption protocols you should be familiar with:  WPA, WPA2, and WPA3.

Let’s break down each of these encryption methods.

Pre-Shared Key (PSK) Encryption

The pre-shared key (PSK) model is used in home or small business networks and is simple to configure.

What is PSK?

  • In a PSK model, the network uses a shared password to authenticate devices.  This means all users must know the same password to connect to the network.

Setting Up PSK Encryption

  • In your router’s Wireless Security settings, you’ll see options for encryption types, such as WPA, WPA2, or WPA3.  Select the option for PSK (also referred to as WPA-PSK or WPA2-PSK).
  • Enter a strong, unique password that users will need to connect to the network.
  • Save your settings.

PSK encryption is easy to set up, but keep in mind that all users share the same password, which can be a security risk if the password is leaked or shared with unauthorized users.

Wireless Security Standards (WPA, WPA2, WPA3)

Now, let’s talk about the different wireless encryption standards:  WPA, WPA2, and WPA3.

  • WPA (WiFi Protected Access)
    • WPA was introduced as a temporary fix for weaknesses in WEP (Wired Equivalent Privacy).  It uses TKIP (Temporal Key Integrity Protocol) to improve security.
    • However, WPA is now considered insecure by modern standards and is not recommended for use in most cases.
  • WPA2 (WiFi Protected Access 2)
    • WPA2 became the standard for wireless security in 2004 and is still widely used today.
    • It uses AES (Advanced Encryption Standard), which provides encryption that is highly secure.
    • WPA2-PSK is the most common setup in home networks and offers a good balance of security and usability.
    • If your router supports WPA2, this is the most recommended setting for most users.
  • WPA3 (WiFi Protected Access 3)
    • WPA3 is the newest and most secure wireless encryption standard, introduced in 2018.
    • It offers a stronger encryption with individualized data encryption, meaning even if a password is compromised, it’s much harder for an attacker to intercept data.
    • WPA3 also improves security for public, open networks by using Opportunistic Wireless Encryption (OWE), which encrypts connections even without a password.
    • If your router and devices support WPA3, it’s the best choice for enhanced security.

Configuring Wireless Security Settings (Step-by-Step)

Now, let’s walk through the process of configuring your wireless network for maximum security.

  • Access Your Router’s Admin Page
    • Open a web browser and enter your router’s IP address, typically something like 192.168.0.1 or 192.168.1.1.
    • Log in using the admin credentials (change these immediately if they are still set to the default).
  • Change the SSID
    • Navigate to the Wireless Settings section and change the SSID to a unique name.  Avoid using personal information in the SSID.
  • Set Up Encryption (WPA2 or WPA3)
    • Go to the Wireless Security section.
    • Select either WPA2-PSK or WPA3-PSK for encryption.
    • Create a strong, complex password for your network.
    • If your devices support WPA3, select this for better protection.  If not, WPA2 is still secure for most small networks.
  • Change the Admin Password
    • In the Administration or Security Settings section, change the router’s default admin password to something strong and unique.
  • Save & Reboot
    • After making these changes, save your settings and reboot the router if necessary.  Ensure that all devices reconnect using the new SSID and password.

Conclusion

Securing a small wireless network requires a few essential steps:  changing the SSID, updating the default password, and configuring strong encryption like WPA2 or WPA3.  By taking these steps, you protect your network from unauthorized access and ensure that your data remains private and secure.  Remember, open networks or older encryption protocols like WPA are not recommended due to their vulnerabilities.

Now you should feel confident configuring security settings for a small wireless network.  This knowledge will not only help you on the CompTIA Tech+ exam but also in real-world scenarios when setting up your home or business WiFi.