I need to create a key for a wireless router, and want to make sure it's as secure as possible. Are there any best...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
practices I should follow to make sure my wireless keys are sufficiently secure?
Absolutely. Generally speaking, you should strive to follow similar practices when selecting and implementing a Wi-Fi security key as you would when selecting any other password that protects sensitive information. Some good wireless key security guidelines include:
● Choose a key that is at least eight characters long.
● Don’t use a key that is based upon a dictionary word.
● Use a mixture of uppercase letters, lowercase letters, digits and symbols.
● Change your key periodically and whenever anyone with access to it leaves the organization.
In addition to choosing a strong password, you need to be certain you’re using strong wireless encryption. While devices you buy on the store shelf today are generally preconfigured to use the secure Wi-Fi Protected Access (WPA or WPA2) encryption technology, many older devices require you select it explicitly. You should avoid, at all costs, the use of the older Wired Equivalent Privacy (WEP) encryption algorithm. WEP security is fundamentally flawed and even an unskilled attacker can gain access to your WEP-protected network in a matter of seconds; free tools available on the Internet, such as AirCrack, can be used maliciously with little or no training to retrieve your WEP encryption key by doing little more than monitoring your network for a short period of time.
There’s one other issue you should consider: Are you sure using a shared security key is the best solution for your environment? In anything other than the smallest business, you probably want to consider the use of WPA Enterprise instead of a shared secret key. The enterprise wireless networking option leverages an existing authentication infrastructure to allow users to sign in to the wireless network with their own username and password. This way, when a user leaves the organization, you only need to disable his or her account and not change the wireless encryption key on every device on your network.
Related Q&A from Mike Chapple
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.continue reading
An SEC report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at ...continue reading
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.