Kevin’s article pointed out that disabling WPS is essential. However, it appears that in most cases that either there is no ability to turn it off, or the switch has no effect (in Linksys, for example). So if you want to secure yourself, here is a guideline of what you may be able to do to mitigate the problem:
- Locate the make and model of your wireless access point or router (whichever device provides your wireless services) and jot it down.
- Locate your router or wireless access point in this list of devices and review the status of vulnerability and vendor patch
- If you find yourself vulnerable and are able to successfully turn it off, that’s the best-case scenario.
- If you find yourself not having an option to turn off WPS, but you want to protect your network from potential intruder access, you have two options:
- Turn off your router or access point (and therefore have no wireless usage at all)
- Replace your router with a non-vulnerable unit
Although Apple is so far been strangely silent on this, our own testing and that of others shows that WPS pin-based is only on if the light is Blue, which in turn is turned on using the Airport Utility. This is good security by design and is the reason why our recommendation for home and SOHO routers/access points should be replaced with Apple Airport devices. This recommendation is limited to areas that are typically served by one or two access points and do not require enterprise management functions.
Meraki not vulnerable
Nerds On Site has been a proud partner of Meraki, wireless network equipment provider of choice for SME and Corporate clients that require a little more than a SOHO wireless infrastructure. Fortunately Meraki products do not have WPS functions at all and therefore are not vulnerable to this WPS concern.
Why do I care if someone intrudes on my network?
I actually personally met a successful business person this week (let’s call him Bill) who admittedly didn’t care if his network was breached, until I pointed out the dangers (and I’m sure there are more):
- His network and Internet access could be used by a criminal to carry out criminal activities while Bill will carry responsibility as his Internet connection was used
- Casual sniffing of his activities online can be captured and in a short while enough data can be gathered to steal his identity or anyone’s identity using his network
- Any equipment that hosts data of any sort is much more vulnerable to attacks “from the inside” when your network is widely accessible
How have you secured your wireless network? Any other comments/questions?