Jordan Gloor / How-To Geek

There are a lot of Wi-Fi security tips that sound great on paper, but don't secure your Wi-Fi network against intrusion. Skip them and focus on these security-enhancing tips and tricks.

Like anything related to computer and network security, quite a few oft-repeated Wi-Fi security tricks dont help at all. Here are the tips and tricks you should avoid and an equal number you should be sure to use.

Lets start by looking at the tips and tricks that dont do much (or anything) to secure your home Wi-Fi network.

One thing worth noting before we dig in is that not only do these tips do little-to-nothing to make your network more secure, they can make it a hassle for you and everyone else in your household to use the network. So its best just outright to skip them instead of trying them out with a Well, it cant hurt, right? attitude.

If there were an award ceremony for bad security tips, the advice to hide your Wi-Fi networks name (the SSID, or Service Set Identifier) would surely be the lifetime achievement award winner.

The popularity of the tip hinges on how cool it seems, not how effective it is in the real world. At first glance, turning off the SSID broadcast for your router seems like it would put your Wi-Fi router into some sort of stealth mode, like donning an invisibility cloak.

But in reality, turning off the SSID doesnt do anythingand only hides your network from people who wouldnt have the skill set to break into your network in the first place. And, worse yet, it just makes it inconvenient to use your own home network.

While theres nothing wrong with changing your Wi-Fis SSID as part of a general refresh of your setup and security settings, just changing it from SomeWirelessNetwork to SomeOtherWirelessNetwork wont do much.

Its about as effective, security-wise, as taking off a name tag at a social mixer and putting a new name tag on. Anybody paying attention wont be fooled.

MAC (Media Access Control) addresses are unique addresses assigned to network interface controllers. The MAC address has been around since the early days of Ethernetit was part of the Xerox Network Systems networking protocol suite back in the 1970s.

Many routers support a MAC address whitelist (only addresses you add can connect) and blacklist (these devices can never connect). MAC address filtering was never a great security measure in the first place because its easy to spoof MAC addresses. Its an even less useful tool now that so many devices, like phones and laptops, automatically randomize their MAC addresses to increase user privacy.

The Best Tech Newsletter Anywhere

Join 425,000 subscribers and get a daily digest of features, articles, news, and trivia.

By submitting your email, you agree to the Terms of Use and Privacy Policy.

So theres no point in using MAC address filtering to secure your home network. Youll waste a bunch of time managing the lists and anyone trying to gain access to your network will just spoof an approved device or bypass your security another way.

Your router has a function called Dynamic Host Configuration Protocol (DHCP). Every device that connects to the wireless network and the physical Ethernet ports on the router or connected network switches automatically gets a network address assigned with no effort on your behalf.

For as long as there have been DHCP servers, there has been a persistent old wives tale about how disabling the DHCP server makes your network more secure. At best, it might slow an attacker down by a few minutes. But the trade-off is that you slow down a theoretical attacker by a few minutes in exchange for slowing down your workflow for many, many minutes over the networks lifetime.

Do you know who becomes the DHCP server when there is no DHCP server? You do. Its a huge waste of time to turn off your DHCP server and manually manage every assignment.

There is a time and place for manually assigning a static IP address to devices on your network. If youre self-hosting services, it just makes sense to give your home backup server or a Minecraft server a static IP address so that whatever port forwarding rules you have in place for that service always point to the right thing.

But using static IP address assignments for every single device on your network to increase security is just a hassle with no real benefit. Save the static IP address assignments for the times static IP addresses make sense, like assigning a static IP to a server or to a particular device that inexplicably wont play nice with your routers DHCP server.

By all means, use a good password for your Wi-Fi router. Dont use your name, your dogs name, password, qwerty1234, or other easily guessed or weak passwords.

But barring using a password so short and weak that a child could guess it, your Wi-Fi network likely will not be compromised because of the length of your password (but instead because of vulnerabilities in the hardware, firmware, or encryption standard used).

Wi-Fi passwords can be up to 63 characters long, but practically speaking, theres not much difference between a passphrase like WiFi Is Awesome! and FrK4QgJ#RDnw0e1c3v7F4$8K0%Rf0j except how much it frustrates you to type the latter into your smart TV using the remote. Whether your Wi-Fi password has enough entropy to require decades of brute-force computation to crack or billions of years of brute-force computation to crack just doesnt matter.

If the tips in the last section do little-to-nothing to secure your Wi-Fi network, what will? Fortunately, for all the Wi-Fi security tricks of dubious usefulness, there are tips that will actually improve your Wi-Fi security.

Better yet, unlike the pseudo-tips in the last section that make it a hassle to use your Wi-Fi network, these tips will lock things down without giving you (and everyone else in your household) a headache.

Hands down, the biggest home network vulnerability is using ancient hardware. If your Wi-Fi router was released over five years ago, its time to replace it. It takes about five years or so for Wi-Fi technology to refresh significantly and for manufacturers to stop releasing updates for routers.

If your Wi-Fi router is a mid-2010s model, an update is long overdue. It doesnt support current Wi-Fi standards, it doesnt support the best Wi-Fi encryption, and it likely has permanent vulnerabilities that will never be patched via updates because it hit its end-of-life date years ago.

Security concerns aside, the quality of life improvements that come with updating your router to current Wi-Fi tech is so great we recommend people update their routers even if they dont have super fast broadband and consider an up-to-date router more important than gigabit internet.

We get wanting to save money, but if you want to save money on tech, then do so by using your old iPad for as long as it gets updates or keeping your smartphone for an extra year before upgrading. Dont skimp on your router. The role it plays in managing and securing your network is too important.

If youre anything like the average person, there is a good chance youve been using the same network name and password for your Wi-Fi router for ages, even carrying it forward to new routers. We get itif you do that, then you dont have to worry about resetting the Wi-Fi settings on dozens of devices around your home.

But if youre getting serious about Wi-Fi security after a long stretch of not really giving it a second thought, one of the best ways to do that is to start fresh. Setting up your network from scratch is the surest way to kick everyone that doesnt belong off your network and ensure only the devices and people you want have access.

Its a hassle, sure, but if youre taking the time to overhaul the security of your Wi-Fi network, then its worth doing it right.

Updating your routers firmware is one of the simplest ways to ensure your Wi-Fi network is secure, yet most people buy a router, plug it in, and never update the firmware.

If youve never done so, take a moment to search for your routers model number and see what the firmware update process is. If the manufacturer has current firmware updates, install them. And if the last update was years ago, you should consider upgrading your router.

At this point, in early 2023, there is no good reason to use deprecated Wi-Fi security standards. WEP, WPA, and WPA2-TKIP are all insecure and should no longer be used. Using older Wi-Fi security standards that can be easily cracked with readily available tools is just asking for trouble.

You should instead use WPA2-AES, which has not yet been deprecated, or, better yet, WPA3 if all the devices on your home network support it.

If youre not already using the guest network function on your Wi-Fi router, you should start doing so immediately. Guest networks used to be a fairly uncommon router feature, but now are found on everything from premium to budget models.

Guest networks solve a variety of problems but, most importantly, make it easy to keep your main network secure by handing out what amounts to a temporary password to visitors. When youre setting yours up, be sure to follow this checklist to avoid common issues.

As a general rule, you should disable any features on your Wi-Fi router you are not actively using, especially if those features have known vulnerabilities. Such is the case with both Wi-Fi Protected Setup (WPS) and Universal Plug and Play (UPnP). While they can make setting up devices and services on your home network more convenient, both have known vulnerabilities.

Youll have to log into your router to disable WPS and UPnP (as well as follow the tips above), so while youre in there is a perfect time to review our list of dangerous Wi-Fi router settings and make even more adjustments to lock down your router and home network security.

And remember, you can make choices to better secure an old router, but its far better to recycle your old router, replace it with something new, and lock down a current router with update-to-date firmware instead.

Best Wi-Fi Router Overall

$260.54 $349.99 Save 26%

$53.99 $79.99 Save 33%

$341.99 $449.99 Save 24%

$349.99 $399.99 Save 13%

$129.99 $179.99 Save 28%

$442.00 $499.99 Save 12%

$38.00 $39.99 Save 5%

Read this article:
6 Tricks That Wont Secure Your Wi-Fi (And 6 That Will) - How-To Geek

WatchGuard Technologies has released findings from its most recent Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers in Q4 2022.

While key findings from the data showed declines in network-detected malware, endpoint ransomware increased 627%, and malware associated with phishing campaigns continued to be a persistent threat.

Despite seeing an overall decline in malware, further analysis from WatchGuard Threat Lab researchers looking at Fireboxes that decrypt HTTPS (TLS/SSL) traffic found a higher incidence of malware, indicating malware activity has shifted to encrypted traffic.

Since just ~20% of Fireboxes that provide data for this report have decryption enabled, this indicates that the vast majority of malware is going undetected, the researchers state. Encrypted malware activity has been a recurring theme in recent Threat Lab reports.

Corey Nachreiner, Chief Security Officer at WatchGuard, comments, A continuing and concerning trend in our data and research shows that encryption - or, more accurately, the lack of decryption at the network perimeter - is hiding the full picture of malware attack trends.

It is critical for security professionals to enable HTTPS inspection to ensure these threats are identified and addressed before they can do damage.

Other key findings from the Q4 Internet Security Report include:

Endpoint ransomware detections rose 627%. This spike highlights the need for ransomware defences such as modern security controls for proactive prevention, as well as good disaster recovery and business continuity (backup) plans, the researchers state.

93% of malware hides behind encryption. Threat Lab research continues to indicate that most malware hides in the SSL/TLS encryption used by secured websites. Q4 continues that trend with a rise from 82% to 93%.

Network-based malware detections dropped approximately 9.2% percent quarter over quarter during Q4. This continues a general decline in malware detections over the last two quarters. But as mentioned, when considering encrypted web traffic, malware is up. The Threat Lab team believes this decline trend may not illustrate the full picture and needs more data that leverages HTTPS inspection to confirm this contention.

Endpoint malware detections increased 22%. While network malware detections fell, endpoint detection rose in Q4. This supports the Threat Lab teams hypothesis of malware shifting to encrypted channels. At the endpoint, TLS encryption is less of a factor, as a browser decrypts it for Threat Labs endpoint software to see. Among the leading attack vectors, most detections were associated with Scripts, which constituted 90% of all detections. In browser malware detections, threat actors targeted Internet Explorer the most with 42% of the detections, followed by Firefox with 38%.

Zero day or evasive malware has dropped to 43% in unencrypted traffic. Though still a significant percentage of overall malware detections, its the lowest the Threat Lab team has seen in years. That said, the story changes completely when looking at TLS connections. 70% of malware over encrypted connections evades signatures, WatchGuard finds.

Phishing campaigns have increased. Three of the malware variants seen in the reports top 10 list (some also showing on the widespread list) assist in various phishing campaigns. The most-detected malware family, JS.A gent.UNS, contains malicious HTML that directs users to legitimate-sounding domains that masquerade as well-known websites. Another variant, Agent.GBPM, creates a SharePoint phishing page titled PDF Salary_Increase, which attempts to access account information from users. The last new variant in the top 10, HTML.Agent.WR, opens a fake DHL notification page in French with a login link that leads to a known phishing domain.

ProxyLogin exploits continue to grow. An exploit for this well-known, critical Exchange issue rose from eighth place in Q3 to fourth place last quarter. Old vulnerabilities can be as useful to attackers as new ones if theyre able to achieve a compromise, WatchGuard states. Additionally, many attackers continue to target Microsoft Exchange Servers or management systems. Organisations must be aware and know where to put their efforts into defending these areas.

Network attack volume is flat quarter over quarter. Technically, it increased by 35 hits, which is just a 0.0015% increase. The slight change is remarkable, as the next smallest change was 91,885 from Q1 to Q2 2020.

LockBit remains a prevalent ransomware group and malware variant. The Threat Lab team continues to see LockBit variants often, as this group appears to have the most success breaching companies (through their affiliates) with ransomware. While down from the previous quarter, LockBit again had the most public extortion victims, with 149 tracked by the WatchGuard Threat Lab (compared to 200 in Q3). Also in Q4, the Threat Lab team detected 31 new ransomware and extortion groups.

WatchGuards quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Labs research efforts. The full report includes details on additional malware and network trends from Q4 2022, recommended security strategies, critical defence tips for businesses of all sizes and in any sector, and more.

Excerpt from:
Top malware trends and security threats revealed in new WatchGuard report - SecurityBrief Australia

Data retention and encryption emerged as the most pressing issues for law enforcement in the EU governments comments on theestablishment of a High-Level Expert Group on police access to digital data.

Data retention is a long-standing issue in Europe, as governments have sought to give their law enforcement agencies to hold onto electronic data that might be relevant for investigations.

Meanwhile, EU and national courts have repeatedly struck down disproportionate data harvesting practices.

The capacity of police forces to obtain and retain electronic communications data has caused the stalling of the ePrivacy Regulation, a legislative proposal that an increasing number of countries think will never see the end of the legislative process.

In this context, European governments are discussing establishing an expert group to discuss storing and accessing data from law enforcement agencies. According to a document dated 20 March and leaked by Contexte, data retention is set to take centre stage.

The subject of data must be approached in a global and coherent manner, and not be limited to questions of access, but also preservation and exploitation, Frances commentary reads.

Estonia puts it more bluntly, stating that data retention is the basis of this whole topic. Simply put: if there is no data retained, there is no point in talking about access to data.

Lithuania and Poland both reiterated this point, calling for the group to be co-chaired by the Commission and the rotating presidency of the EU Council of Ministers.

France adds that there should be regular monitoring by the Standing Committee on Operational Cooperation on Internal Security (COSI), which ensures the cooperation on EU internal security matters, in conjunction with the justice sector.

Moreover, Warsaw also wants sub-groups dedicated to encryption and data localisation. Indeed, Paris sees both issues as playing a pivotal role in fighting criminal organisations and terrorist networks.

In addition, the French government said that rather than taking stock of existing legal cases on the issue of data retention, the new body should propose concrete guidelines to address the challenges security forces face in this area.

France also wants to define a clear mandate and precise methodology for the group to develop a common framework for data retention and access that is balanced with regard to the preventive and law enforcement needs of the member states.

Paris pointed to its attempt to establish an open dialogue with judicial authorities, civil society, data protection, national lawmakers and industry players, an example the Swedish presidency is invited to follow.

Regarding participation, several countries supported the idea of including technical experts in the group. Still, Belgium said that to do that, you have to have a profound knowledge of the involved digital technologies.

As for who should be part of this group of experts, Greece and the EU Fundamental Rights Agency (FRA) mentioned the involvement of non-constitutional actors as appropriate, but according to Greece, this should be more clearly detailed and agreed upon.

While most countries thanked the Swedish presidency for including this topic among its priorities, Warsaw mentioned that the presidencys identified areas and challenges should not be considered exhaustive.

In this regard, Slovenia pointed to the need to find practical solutions for the legal basis necessary to access to data, especially in connection to data retention and encrypted information.

The Czech Republic also emphasised that a clear legal framework is needed, for example, to distinguish legitimate calls from fakes using a combination of contact number spoofing with AI voice manipulation.

Besides data retention, the EU countries other most emphasised aspect is end-to-end encryption.

However, according to Estonia, data retention should be dealt with first, before encryption, or in parallel since it doesnt matter much if the content is encrypted if the data simply isnt there.

While they think that end-to-end (E2E) encryption should not be weakened, Tallinn admitted that it is unclear what this means.

If the service provider, court or some other institution has the key, is the E2E weaker? Perhaps we are talking about the reluctance to technical weakening of the system? In other sense, is the door weaker if someone has the key? the Estonian commentary reads.

Encryption can still pose challenges, even if the information was not subject to lawfully intercepted communication and was found using other lawful measures (e.g. house search) stored on data carrier (eg. data stored on HDD encrypted with TPM chip), said the Czech Republic.

France raised the point that access to digital evidence might become even more challenging if stored in IT infrastructure outside the EU. Sill, access to data can cause problems also in the EU, as past legal cases have shown.

Even though the European Court of Justice ruled against data retention a few weeks ago, in Germany, the debate on the topic does not seem to end. The government is still not in agreement on whether to follow a quick

[Edited by Luca Bertuzzi/Nathalie Weatherald]

Visit link:
EU countries in search of 'solutions' over data retention, encryption - EURACTIV

This special edition e-book features the views of 25 leading IP networking solution vendors on the benefits and impact of encryption, and the approaches for addressing visibility loss from emerging encryption protocols.

Over the last decade, there has been a sharp growth in the use of encryption, driven by the need for user and data privacy, increasing concerns over cyberattacks such as breaches and ransomware, and the overall ease of implementing encryption technologies. In March 2023, 93% of pages loaded on a Chrome browser on Windows were encrypted, according to Googles Transparency Report. Seven years ago, this figure was only 39%.

At the same time, advancements in encryption methodologies have led to stronger and more secure encryption protocols, such as TLS 1.3, ECH and QUIC. As these protocols evolve, we expect to see technologies such as post-quantum cryptography and homomorphic encryption emerge, which will lead to encrypted traffic being nearly impossible to decipher or crack.

These two trends in combination pose an enormous challenge to network operators as they can no longer inspect or analyze encrypted traffic using traditional network visibility tools, resulting in the inability to identify and classify the traffic traversing their networks.

This visibility gap leads to the inability to correctly execute network policies, route and optimize traffic, detect threats, generate insights and analytics, troubleshoot network issues and more. As a result, network costs increase, user experience takes a hit and ironically, network security deteriorates.

To address this lack of visibility, operators and enterprises are adopting a number of technologies, including SSL / TLS inspection, behavioral / statistical / heuristic analysis, machine learning and deep learning.

The Fast Mode spoke to 25 leading IP networking solution vendors that offer policy control, traffic management, network security, analytics and network performance management solutions, on their thoughts on:

Vendors featured in the e-book include:

Get your free copy today by filling in the download form to the right.

3d ago / Telecom White Papers / By Ray Sharma

Read more:
[E-book] Encrypted Traffic Visibility For Modern Networks - The Fast Mode