{
	"id": "637d47b0-1fea-45f8-8b1b-33f3408f9492",
	"created_at": "2026-04-06T02:12:33.491906Z",
	"updated_at": "2026-04-10T03:21:51.587564Z",
	"deleted_at": null,
	"sha1_hash": "5644b7509166043efb77342e738f066ae7a881aa",
	"title": "Securing Wireless Networks | CISA",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46974,
	"plain_text": "Securing Wireless Networks | CISA\r\nPublished: 2021-02-01 · Archived: 2026-04-06 02:05:56 UTC\r\nIn today’s connected world, almost everyone has at least one internet-connected device. With the number of these\r\ndevices on the rise, it is important to implement a security strategy to minimize their potential for exploitation\r\n(see Securing the Internet of Things). Internet-connected devices may be used by nefarious entities to collect\r\npersonal information, steal identities, compromise financial data, and silently listen to—or watch—users. Taking a\r\nfew precautions in the configuration and use of your devices can help prevent this type of activity.\r\nWhat are the risks to your wireless network?\r\nWhether it’s a home or business network, the risks to an unsecured wireless network are the same. Some of the\r\nrisks include:\r\nPiggybacking\r\nIf you fail to secure your wireless network, anyone with a wireless-enabled computer in range of your access point\r\ncan use your connection. The typical indoor broadcast range of an access point is 150–300 feet. Outdoors, this\r\nrange may extend as far as 1,000 feet. So, if your neighborhood is closely settled, or if you live in an apartment or\r\ncondominium, failure to secure your wireless network could open your internet connection to many unintended\r\nusers. These users may be able to conduct illegal activity, monitor and capture your web traffic, or steal personal\r\nfiles.\r\nWardriving\r\nWardriving is a specific kind of piggybacking. The broadcast range of a wireless access point can make internet\r\nconnections available outside your home, even as far away as your street. Savvy computer users know this, and\r\nsome have made a hobby out of driving through cities and neighborhoods with a wireless-equipped computer—\r\nsometimes with a powerful antenna—searching for unsecured wireless networks. This practice is known as\r\n“wardriving.”\r\nEvil Twin Attacks\r\nIn an evil twin attack, an adversary gathers information about a public network access point, then sets up their\r\nsystem to impersonate it. The adversary uses a broadcast signal stronger than the one generated by the legitimate\r\naccess point; then, unsuspecting users connect using the stronger signal. Because the victim is connecting to the\r\ninternet through the attacker’s system, it’s easy for the attacker to use specialized tools to read any data the victim\r\nsends over the internet. This data may include credit card numbers, username and password combinations, and\r\nother personal information. Always confirm the name and password of a public Wi-Fi hotspot prior to use. This\r\nwill ensure you are connecting to a trusted access point.\r\nWireless Sniffing\r\nhttps://us-cert.cisa.gov/ncas/tips/ST05-003\r\nPage 1 of 3\n\nMany public access points are not secured and the traffic they carry is not encrypted. This can put your sensitive\r\ncommunications or transactions at risk. Because your connection is being transmitted “in the clear,” malicious\r\nactors could use sniffing tools to obtain sensitive information such as passwords or credit card numbers. Ensure\r\nthat all the access points you connect to use at least WPA2 encryption.\r\nUnauthorized Computer Access\r\nAn unsecured public wireless network combined with unsecured file sharing could allow a malicious user to\r\naccess any directories and files you have unintentionally made available for sharing. Ensure that when you\r\nconnect your devices to public networks, you deny sharing files and folders. Only allow sharing on recognized\r\nhome networks and only while it is necessary to share items. When not needed, ensure that file sharing is disabled.\r\nThis will help prevent an unknown attacker from accessing your device’s files.\r\nShoulder Surfing\r\nIn public areas malicious actors can simply glance over your shoulder as you type. By simply watching you, they\r\ncan steal sensitive or personal information. Screen protectors that prevent shoulder-surfers from seeing your\r\ndevice screen can be purchased for little money. For smaller devices, such as phones, be cognizant of your\r\nsurroundings while viewing sensitive information or entering passwords.\r\nTheft of Mobile Devices\r\nNot all attackers rely on gaining access to your data via wireless means. By physically stealing your device,\r\nattackers could have unrestricted access to all of its data, as well as any connected cloud accounts. Taking\r\nmeasures to protect your devices from loss or theft is important, but should the worst happen, a little preparation\r\nmay protect the data inside. Most mobile devices, including laptop computers, now have the ability to fully\r\nencrypt their stored data—making devices useless to attackers who cannot provide the proper password or\r\npersonal identification number (PIN). In addition to encrypting device content, it is also advisable to configure\r\nyour device’s applications to request login information before allowing access to any cloud-based information.\r\nLast, individually encrypt or password-protect files that contain personal or sensitive information. This will afford\r\nyet another layer of protection in the event an attacker is able to gain access to your device.\r\nWhat can you do to minimize the risks to your wireless network?\r\nChange default passwords. Most network devices, including wireless access points, are pre-configured\r\nwith default administrator passwords to simplify setup. These default passwords are easily available to\r\nobtain online, and so provide only marginal protection. Changing default passwords makes it harder for\r\nattackers to access a device. Use and periodic changing of complex passwords is your first line of defense\r\nin protecting your device. (See Choosing and Protecting Passwords.)\r\nRestrict access. Only allow authorized users to access your network. Each piece of hardware connected to\r\na network has a media access control (MAC) address. You can restrict access to your network by filtering\r\nthese MAC addresses. Consult your user documentation for specific information about enabling these\r\nfeatures. You can also utilize the “guest” account, which is a widely used feature on many wireless routers.\r\nhttps://us-cert.cisa.gov/ncas/tips/ST05-003\r\nPage 2 of 3\n\nThis feature allows you to grant wireless access to guests on a separate wireless channel with a separate\r\npassword, while maintaining the privacy of your primary credentials.\r\nEncrypt the data on your network. Encrypting your wireless data prevents anyone who might be able to\r\naccess your network from viewing it. There are several encryption protocols available to provide this\r\nprotection. Wi-Fi Protected Access (WPA), WPA2, and WPA3 encrypt information being transmitted\r\nbetween wireless routers and wireless devices. WPA3 is currently the strongest encryption. WPA and\r\nWPA2 are still available; however, it is advisable to use equipment that specifically supports WPA3, as\r\nusing the other protocols could leave your network open to exploitation.  \r\nProtect your Service Set Identifier (SSID). To prevent outsiders from easily accessing your network,\r\navoid publicizing your SSID. All Wi-Fi routers allow users to protect their device’s SSID, which makes it\r\nmore difficult for attackers to find a network. At the very least, change your SSID to something unique.\r\nLeaving it as the manufacturer’s default could allow a potential attacker to identify the type of router and\r\npossibly exploit any known vulnerabilities.\r\nInstall a firewall. Consider installing a firewall directly on your wireless devices (a host-based firewall),\r\nas well as on your home network (a router- or modem-based firewall). Attackers who can directly tap into\r\nyour wireless network may be able to circumvent your network firewall—a host-based firewall will add a\r\nlayer of protection to the data on your computer (see Understanding Firewalls for Home and Small Office\r\nUse).\r\nMaintain antivirus software. Install antivirus software and keep your virus definitions up to date. Many\r\nantivirus programs also have additional features that detect or protect against spyware and adware\r\n(see Protecting Against Malicious Code and What is Cybersecurity?).\r\nUse file sharing with caution. File sharing between devices should be disabled when not needed. You\r\nshould always choose to only allow file sharing over home or work networks, never on public networks.\r\nYou may want to consider creating a dedicated directory for file sharing and restrict access to all other\r\ndirectories. In addition, you should password protect anything you share. Never open an entire hard drive\r\nfor file sharing (see Choosing and Protecting Passwords).\r\nKeep your access point software patched and up to date. The manufacturer of your wireless access\r\npoint will periodically release updates to and patches for a device’s software and firmware. Be sure to\r\ncheck the manufacturer’s website regularly for any updates or patches for your device.\r\nCheck your internet provider’s or router manufacturer’s wireless security options. Your internet\r\nservice provider and router manufacturer may provide information or resources to assist in securing your\r\nwireless network. Check the customer support area of their websites for specific suggestions or\r\ninstructions.\r\nSource: https://us-cert.cisa.gov/ncas/tips/ST05-003\r\nhttps://us-cert.cisa.gov/ncas/tips/ST05-003\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://us-cert.cisa.gov/ncas/tips/ST05-003"
	],
	"report_names": [
		"ST05-003"
	],
	"threat_actors": [],
	"ts_created_at": 1775441553,
	"ts_updated_at": 1775791311,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5644b7509166043efb77342e738f066ae7a881aa.pdf",
		"text": "https://archive.orkl.eu/5644b7509166043efb77342e738f066ae7a881aa.txt",
		"img": "https://archive.orkl.eu/5644b7509166043efb77342e738f066ae7a881aa.jpg"
	}
}