Countermeasures Against Default Configuration Settings Hacks

By Kevin Beaver

Similar to wireless workstations, wireless APs have many known vulnerabilities to hacking attacks. The most common ones are default SSIDs and admin passwords. The more specific ones occur only on certain hardware and software versions that are posted in vulnerability databases and vendor websites. Many wireless systems still have WEP and WPA disabled by default as well.

You can implement some of the simplest and most effective security countermeasures for Wi-Fi — and they’re all free:

  • Make sure that you change default admin passwords and SSIDs.

  • At a minimum, enable WPA2. Use very strong pre-shared keys (PSKs) consisting of at least 20 random characters or use WPA/WPA2 in enterprise mode with a RADIUS server for host authentication.

  • Disable SSID broadcasting if you don’t need this feature.

  • Apply the latest firmware patches for your APs and Wi-Fi cards. This countermeasure helps to prevent various vulnerabilities to minimize the exploitation of publicly known holes related to management interfaces on APs and client-management software on the clients.