In this section, we'll discuss how to configure your wireless security features on your access point and wireless router so that you can secure your network.

For this exercise, I am using a Linksys EA6350 wireless router. Please note that all wireless routers and access points have the same features within their management interface; however, the graphical user interface (GUI) for each manufacturer and device may vary.

Let's get started!

1. You'll need to log in to your access point or wireless router.
2. Once logged in, click on the Wireless tab within the user interface. Here, you'll be able to change the network name (SSID), set a complex password, set a security mode, and broadcast the SSID, as shown in the following screenshot:

Using the following guidelines will assist in improving the security posture of your wireless network:

• • Change the SSID (network name) to something that won't attract prying eyes.
  • Hide (broadcast) the SSID.
  • Create a complex password. If you're having difficulties, try using an online password generator.

Each modern access point and wireless router allows various security modes, such as the following:

• • None: Disables authentication.
  • WEP: Uses the WEP encryption standard.
  • WPA Personal: Uses the WPA encryption standard and allows you to set a pre-shared key (PSK) on the access point. Therefore, any device that requires access to the wireless network will be required to provide the PSK.
  • WPA Enterprise: This mode applies the WPA encryption standard, but note that the access point stores user credentials in WPA Personal. WPA Enterprise queries a central authentication, authorization, and accounting (AAA) server to verify user access on the wireless network.
  • WPA2 Personal: Uses the WPA2 encryption standard.
  • WPA2 Enterprise: Uses the WPA2 encryption standard with the AAA server.

You can choose to disable the SSID broadcast to cloak your network.

3. Next, you should see another sub-tab that allows you to configure MAC filtering.

4. Enable the MAC filtering feature. Once enabled, you'll have the option to add MAC addresses to an allow or deny list, as shown in the following screenshot:

5. Lastly, disable the Wi-Fi Protected Setup feature, as shown in the following screenshot:

WPS has known security vulnerabilities and should not be used in secure environments.

Having completed this exercise, you are now able to configure and set up a wireless network. In the next section, we will look at the essentials of exploiting perimeter systems.