Best way to protect against deauth attacks and other hacks?

  • 1
  • Question
  • Updated 2 weeks ago
  • Answered
Hello,

I'm new to securing networks other than WPA2 passwords.   Other than keeping them complex and long and changing them on a regular basis is there anything else I should do to secure the wifi?    We have a guest and private network and an approved mac list.
Photo of boedillard

boedillard

  • 30 Posts
  • 1 Reply Like

Posted 5 months ago

  • 1
Photo of Ben Winslow

Ben Winslow

  • 9 Posts
  • 4 Reply Likes
Using an 802.1x authentication method (WPA/WPA2 Enterprise) will provide better security than than WPA2 preshared keys.  That way, each client's traffic will have a unique encryption, and eavesdroppers will not be able to decrypt the traffic.

You can also enable client isolation, to prevent clients from being able to communicate with other wireless clients, but this will prevent devices like chromecasts and printers from operating normally.

As for protecting against Deauth Attacks, I am not aware of a means of enabling 802.11w (protected management frames) on the unleashed product.  This would only work with clients that support 802.11w, but those that support it would ignore deauth frames sent from a different AP.

This is by no means an exhaustive list, you will find plenty of other methods that should be available to you.
Photo of Ankush

Ankush, Employee

  • 72 Posts
  • 42 Reply Likes
Hi Boedillard,

You can Hide the WLAN also enable Management Frame Protection (MFP), in addition to the WPA2 encryption.802.11w Management Frame Protection provides additional security measures for management frames. Not all client devices support 802.11w.

Check your client devices before enabling 11w. If “Required” is selected, clients must support 11w in order to connect. If “Capable” is selected, clients with or without 11w should be able to connect. However, note that some clients with poor driver software may have connection problems even if 11w is set to Capable.

Hide WLAN is available under WLAN>Advance Options:


MFP can be enabled from the GUI under WLAN >
 


You can check from your PC if it supports MFP.
 


Regards,
-Ankush