As WiFi networks grew in popularity at the end of the nineties, one of the first types of WiFi security was Wired Equivalent Privacy (WEP). This security protocol was highly ineffective and quickly compromised by eavesdroppers. Using WEP is not only far inferior to a wired connection but is effectively the same as using no security by today’s standards. It wasn’t long after WEP was released that the IEEE introduced WiFi Protected Access (WPA, IEEE 802.11i). This was replaced by the next version, WPA2 in 2004. As a cabler installing home networks, you will have likely come across WPA2, a security protocol with higher encryption, which requires testing and certification by the WiFi Alliance. Any device that displays the WiFi Alliance logo (see Figure 1) is proof it has been tested and certified.
While WPA2 is recommended over WPA and WEP, it is not as secure as the latest implementation, the WPA3 standard, which was released in 2018. WEP3 contains improvements to protect passwords and has been designed to simplify the process of setting up devices with no display interface. In the unlikely event that you come across an old router which has been set to use WEP for the WiFi network, it would be wise to recommend the device be changed to use the WPA2 protocol at a minimum, which will be supported by most WiFi devices, but ideally WPA3 and WPA3-certified hardware whenever possible. In the case that the device supports only WEP, it would be wise to advise that the device is replaced with a newer router.
When working in a customer’s home you may be asked to configure WiFi security for a home network. This will need to be set up on the Wireless Access Point (WAP) which is generally integrated into the modem router (or ‘home gateway’). Figure 2 shows a typical interface where the WiFi is set up.
To access the WiFi admin page as per above, you will need to log onto the modem router’s browser admin page – the address and login details are generally printed on the underside of the device (see Figure 3). From a security point of view the default username and password that comes with the device should be changed and recorded somewhere for future reference.
Within the WiFi settings, you will see there are two WiFi network frequencies available, 2.4GHz and 5GHz – and each have their strengths and weaknesses. The 2.4GHz frequency has the greatest range out of the two, with a better ability to penetrate the WiFi signal through walls and objects. 5GHz, by contrast, can provide faster speeds to nearby devices, but has more difficulty penetrating through walls and objects. Some modems allow the user to manually select which frequency they would like to use for each device, while other modems automatically will select a frequency based on environmental conditions. If the customer has a large house, there’s no guarantee the 2.4GHz and 5GHz WiFi signals will reach all parts of the home and cabling services or the installation of additional Wireless Access Points or extenders may be needed (click here to read more about how to overcome these WiFi issues).
When setting up a WAP, you will need to assign a SSID (Service Set IDentifier, which is the unique name of the network) and a security key (also known as a password or pre-shared key) for each of the two network frequencies. Note, most modem routers are supplied with a default SSID and security key, which is usually printed on the bottom of the device (see Figure 3). The most secure SSID is one that doesn’t contain the any personally identifiable information (e.g. don’t use “Johnson’s house”) and the most secure passwords are 8 characters or more, containing numbers, upper and lowercase letters, and even “special” characters such as ‘#’ or ‘$’.
An SSID can also be hidden for even greater anonymity. This can be achieved by disabling the “enable SSID broadcast” option within the settings on the admin page. Note, when this is active it allows the gateway’s WAP to broadcast the SSID. Therefore, when this option is turned off, the user will connect to the network by selecting “Hidden Network”, see Figure 4.
Once the user clicks on “Hidden Network” they will see the window shown in Figure 5.
For added security, a home network can be configured to have a “guest network”. A guest network provides internet access to any device connected to it, however the other devices on the home network will not be visible. Any devices on the Guest Network will not have access to files, data, smart home devices or any personal information stored on the home network. This also helps protect the home network from security threats, such as malware, that could spread to other computers in the home.
Knowing how to set up wireless networks safely and securely is a valuable add-on to onsite cabling work. It is a skill that is very much in demand these days and, in summary, WiFi security involves:
- Changing the default usernames and passwords on the WAP
- Setting up both a home network and a guest network
- Using WPA2 or WPA3 security
- Using a hidden network, i.e. not broadcasting the home network’s SSID