How to secure Wi-Fi devices ? How to secure ?

Hello everyone welcome to the show "Ethical Hacking" episode 83 today we are going to discuss about Securing WiFi devices.Wireless devices are much less secure than our traditional networks because their data streams are simply flying through the air,waiting to be gobbled up by some attacker sitting out there.When we talked about wire tapping in the last lesson,we talked about having to gain access to the network physically.Well, with a wireless network that challenge is eliminated because the network is literally floating in the airways.In this lesson we're going to discuss some of the basic vulnerabilities associated with wireless networks and how you can combat them.First, the administrative access on the wireless access point is a vulnerability.Usually these have default user names and passwords like admin, admin like we discussed before.And you have to make sure you secure them.Also, remote administration should be disabled on your wireless access points.Remote administration is something that allows you to connect over the internet and then make changes to your wireless access point.You don't need that.Instead you should turn it off and make sure that you're doing it locally inside your network only to minimize that risk.The second vulnerability we have to think about is the service set identifier,or the SSID.Back in network plus you learned that the SSID is what uniquely identifies the network and it acts as the name of the wireless access point that the clients are going to use to connect to it.For example, if you came by my offices,you would see that my network is the oh so hard name to guess of vijay.Anyone who sees that might think hey that might be vijay kumar's WiFi, right?Well, that's the SSIDs job.It sits there and it broadcasts out hey I'm here,I'm here, I'm vijay, I'm vijay I'm vijay Now, according to you should disable the broadcast.So clients have to already know the name of it prior to connecting to it.They say this is a way to slow down the bad guy from attacking your network.As an ethical hacker myself,I can tell you that it isn't really going to slow me down.If you aren't broadcasting openly,your clients are still sending the same wireless access point information and that SSID with every single communication they make.It takes me about five seconds to find out your SSID if you're not broadcasting.So by disabling it you're just making operations harder for yourself and you're not really gaining any security here.Now all of that said,if you're asked disable SSID broadcast is considered good security in the security and you should implement it.In the real world, it really doesn't matter that much.Now the next one we're going to talk about is rogue access points.Rogue access points are another vulnerability out there.A rogue access point is an unauthorized wireless access point or wireless router that somebody connected to your network and it's going to give access to your secure network.For example, if you walk around your office and somebody decided that they didn't want to plug into that RJ45 jack all the way in the back wall over there,so they put a wireless access point so they can access it throughout the whole room.That makes operations easy for them,but that wireless access point wasn't properly configured.This is going to extend your wired network into the wireless realm,and it can introduce it's own DHCP server and cause all sorts of other issues.To prevent this you should enable MAC filtering on the network,network access control and run a good IDS or IPS on your network that can detect or prevent these devices when they initially try to connect.