4.5. Best Practices

⁠4.5. Best Practices

Change passwords on routers/AP - Wireless routers and access points ship with a default password (such as "admin", or "password") for their configuration interface. Attackers have access to the default usernames and passwords for most models on the market today. Change this default password to a complicated one so that an attacker can not gain access to the configuration pages and change settings, simply by knowing the default password of your particular model.
Change the default SSID - The SSID represents the network name. Attackers also know the default SSID of most wireless devices, and leaving the SSID at the default value reveals information about your network and could give an attacker the opportunity to perform exploits on the device, or otherwise use the knowledge of the model/make of the device to their advantage. It is also a good idea to change the SSID on a regular basis.
Use WPA or WPA2 - As described in Section 4.2, “Wired Equivalent Privacy (WEP)”, WEP is considered a poor solution for wireless encryption. Using WPA or WPA2 with a strong, complicated key using the AES algorithm is recommended.
Change keys regularly - Keys should be changed regularly. Re-generate your encryption key from within the configuration interface of the access point if possible, or use online generators like the one available here: http://www.speedguide.net/wlan_key.php
Disable DHCP - Many routers and access points include a DHCP (Dynamic Host Configuration Protocol) server, which distributes IP addresses to wireless stations - an IP address is essential for a computer to communicate on the Internet. If your router or access point supports it, consider disabling the internal DHCP server and manually assigning IP addresses to allowed clients. This may deter some attackers who might not be able to otherwise discover the IP address range or types in use.
Enable the router's firewall - As with any connection to the Internet, a firewall will help filter and block unwanted connections, and you should enable it if available.
Client-side security - Continue to follow good system security practices; use updated anti-virus and anti-spyware/malware software, use firewalls, disable unnecessary services, and install the latest patches and updates from your operating system vendor.

Some of the recommended practices when configuring a wireless network may not stop an experienced attacker on their own, however using several security methods as part of a layered approach will help maintain the security of your network and protect your data. Again, security is a process, not a single product.