As business IT experts we always help our customers keep their device software up to date, as we believe this is part of a sound network security strategy. In this article I would like to point out the six most important pieces of advice when it comes to business WiFi security.
1. Use Complex Login Credentials
I get it: no one likes being told what to do, and when you manage many devices throughout a large network, it’s tempting to stick to the default credentials or use the same simple, easy-to-remember username and password combination on each and every one of them. But this is one of the most common ways, if not the most common way, in which your devices and your network can be compromised.
During setup, modern versions of Ubiquiti software will prompt you to use reasonably complex credentials in an attempt to avoid the use of default or simple credentials. By prompting for a complex set of credentials that meet defined character requirements, airOS attempts to help you secure your network devices without having to think about it. Please remember that it’s recommended not to allow your browsers to remember your passwords, even if you are managing a large number of devices.
2. Remove Public Access
There are many different approaches to network design, and many varied and complicated edge cases that I can’t cover here in enough detail. But a good general piece of advice on securing the network is to limit access to the management interfaces of your network devices. Only those who are supposed to operate these devices should be able to access them; any devices that are accessible on the public internet are a prime target for attacks from outside.
In cases where you have to have them publicly accessible, consider limiting management access to these devices such that only people within your private network can access them.
3. Disable or Block Unused Features
Not using Telnet? How about HTTP? The functions of both of these protocols, just to take two examples, can be performed with more modern, secure protocols. If you are not using them or other protocols which can communicate with external devices, turn them off. This can be done in two ways: first, disable the protocol or the feature that uses it on the network device itself.
Second, block these protocols at the border of your network using a firewall. After all, if you are not using Telnet for example and yet Telnet traffic is repeatedly trying to enter your network, addressed to part of your network infrastructure, it is a solid sign someone is attempting to gain access to that device.
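The check described above can be run against the border firewall's drop log. The following is an added example, not Ubiquiti's or our own tooling: it assumes the firewall writes Linux netfilter LOG-style lines (trimmed here), and the sample lines, the `BORDER-DROP` prefix, the port list and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Linux netfilter LOG format (an assumption; the article
# names no firewall). Addresses come from the documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=23
Mar  3 10:00:02 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=23
Mar  3 10:00:04 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23
Mar  3 10:00:09 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=23
Mar  3 10:01:30 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23
Mar  3 10:02:00 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=UDP SPT=51001 DPT=23
Mar  3 10:02:10 gw kernel: BORDER-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=51002 DPT=443
Mar  3 10:02:11 gw kernel: link eth0 up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")      # KEY=value pairs; value may be empty
UNUSED_TCP_PORTS = {23: "telnet", 80: "http"}  # protocols you have switched off
THRESHOLD = 3                                  # attempts before a pair is reported


def repeated_attempts(log_text, threshold=THRESHOLD):
    """Return (src, dst, protocol, count) for sources that keep trying a
    disabled protocol against the same device."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or not fields.get("DPT", "").isdigit():
            continue  # not TCP, or not a packet log line at all
        port = int(fields["DPT"])
        if port in UNUSED_TCP_PORTS and fields.get("SRC") and fields.get("DST"):
            counts[(fields["SRC"], fields["DST"], UNUSED_TCP_PORTS[port])] += 1
    return sorted((s, d, p, n) for (s, d, p), n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for src, dst, proto, n in repeated_attempts(SAMPLE_LOG):
        print(f"{src} tried {proto} against {dst} {n} times (blocked)")
```
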
4. Use Secure Protocols
Look at anywhere you are using HTTP in your network operations today. HTTP is unencrypted, and if a man in the middle were positioned correctly, he may be able to intercept your credentials and use them to attack your network infrastructure. This is obviously something we want to avoid, so where a secure alternative such as HTTPS is available, make sure it is used.
Once usage of the secure protocol is established, it is prudent, as mentioned above, to disable the insecure protocol to protect your network. This combination of using secure protocols and removing insecure ones will greatly reduce your attack surface and your exposure to threats.
5. Keep your Software Up to Date
Check regularly to make sure the software operating on all of your network devices is up to date. Many releases contain security fixes, and it is best practice to keep up to date. Updates for all Ubiquiti products can be found in their respective ubnt.com/downloads section and on their community forum section.
6. Block by Default
This is more of a mindset than a specific piece of configuration or a feature. To improve your network security now and in the future, don’t think ‘what do I need to block’; it is more effective to think instead ‘what do I need to allow’. If you allow only the protocols, connections and users you need to, there are far fewer opportunities to forget something you should have blocked.
This is far from an exhaustive list of network security advice, but I’ve personally found these few points very helpful in both designing and operating our customers’ networks. If you aren’t doing all of these today, take a look and see what you could be doing to quickly and easily improve your network security. If you find it difficult to set this up using your current WiFi devices, consider changing them to UBNT devices, which you can easily find in our online store.
Have a great day!