Tips to Enhance Wireless Network Security
Most devices today connect to our local network via wireless, and more router manufacturers including TP-Link are making routers easier to set up and configure, even via handy little apps instead of annoying web-based interfaces, such as Tether and Deco App. Thanks to such 'smart' Apps, we don’t have to tweak many options after purchasing a new router. Just log in, change the wireless network name and password, and call it a day.
However, it's important to keep in mind that a secured network is not always secure. It is vital that you take proper preventative measures in securing the wireless router or access point to protect your network. You must have heard of Wi-Fi deauthentication attacks or the so-called Wi-Fi Deauther, which can kick devices off a 2.4GHz Wi-Fi network with a deauthorization command. As a result, some of the smart devices like smart bulbs, plugs, and printers that work with the 2.4GHz network may disconnect from the network and we need to connect them back manually.
In this story, I would like to share a simple but important tip to improve the security of our network. That is, set the wireless network security to WPA3 Personal for better security, or set it to WPA2/WPA3 mixed encryption for compatibility with older devices. I own an Archer AX55, BTW. You probably have a different web configuration page from mine, but there should be similar options. I will show you the wireless security settings on my web page:
I can only choose WPA3-Personal+WPA2-PSK[AES] on my router since I have some bulbs and plugs that need to connect to the 2.4GHz network. They won't connect to the network if I choose WPA3-Personal. So you may choose the same as mine if you have some old or smart devices in your network.
I also learned from TP-Link that some of my devices like my Samsung Galaxy and iPhone 11 won't be affected since they all support WPA3 or WPA2 encryption with PMF, but those smart bulbs and plugs would be still at risk since they don't support WPA3. I'm not sure if they support WPA2 encryption with PMF, I will need to contact the manufacturers now.
Curiously I googled online what is PMF, and here is what I found on Wi-Fi Alliance:
"Protected Management Frames (PMF) provide protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. They augment privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks. PMF is required for all newly certified devices."
I was also pointed to a very useful blog by the engineer, which illustrates many more suggestions on how to make my router more secure. I will follow those steps and tips to check all possible settings right now.
If you're interested in locking down your wireless network security, you can get a quick glance at How Do I Secure My WiFi Router?