What Is Wireless Isolation?
What is wireless isolation? Given the current COVID-19 pandemic environment, our readers may believe we’re describing home quarantine with WiFi. But in the context of this IAG article, Wireless Isolation refers to a setting found on a WiFi router. In short, it “locks down” your WiFi network. We delve into the particulars below.
Titles May Vary But the Song Remains the Same
Various router manufacturers call Wireless Isolation “Station Isolation,” “Access Point (or AP) Isolation,” “Set Service Identification (or SSID) Isolation” or “Client Isolation.” Asus calls it “Access Internet.” Whatever the moniker, the purpose is the same.
Now-dark wirelessisolation.com explains: “When (the Wireless Isolation) setting is enabled, it prevents a computer connected to a network by a wireless connection from accessing (other) computers and resources connected to the network by a wired connection. It also prevents a wirelessly connected device from connecting to another wirelessly connected device.”
“Quarantining” an isolated device, if you’ll pardon the pandemic reference, keeps it from accessing a network server, host computer or router. In other words, Wireless Isolation stops users on a specific SSID (WiFi network) from obtaining data from other devices in the same SSID, as well as devices serving the SSID from a LAN (wired network).
By enabling a router’s Wireless Isolation, any WiFi client (read: laptop, tablet or smartphone) connecting to the router can access only the Internet. Enabling Wireless Isolation requires devices to connect to the router with an Ethernet cable if users want to “see” other network devices. In effect, Wireless Isolation creates a virtual network specific to each wireless device on a WLAN.
Wireless Isolation or Guest Network?
Depending on the router, you’ll find both features available, or one, or neither. Many so-called “home” (i.e., inexpensive) routers have neither.
If you’ve already surmised that having a guest network on a router means setting up two separate SSIDs, you deduce correctly. When a router is configured for both a secure primary network (say, for you and the missus) and an isolated sub-SSID network for guests, visiting users are WiFi isolated.
You can configure a WiFi router to restrict guests’ or your juvenile beloveds’ Internet usage by allowing them to go online only during certain hours, throttling their bandwidth usage or even blocking them from visiting certain IP addresses. You could confine them to just one band if your router utilizes dual-band connectivity, viz., 2.4 GHz and 5 GHz.
And, as your intrepid blogger has discovered much to his chagrin, WiFi routers can also block a device’s unique physical media access control (MAC) address. Sometimes, public WiFi isn’t always “public.”
If you need features like these from your WiFi router, consider the Mikrotik Routerboard RB2011UiAS-2HnD-IN Sfp Port plus 10 Port Ethernet, available from Amazon.
Simple Wireless Isolation is much more straightforward. By enabling the isolation option, all client devices connected to a router will be isolated from all other devices. It’s that simple.
Adding Wireless Isolation to Your Current Router
Perhaps you’ve heeded our advice to own your WiFi router instead of renting it from your ISP. But you bought a cheap router bereft of features such as Wireless Isolation. What to do?
Fret not; a firmware upgrade offering a variety of capabilities may be available for your specific router model. Have you heard of DD-WRT, a Linux-based project created to replace a router manufacturer’s default firmware? By modifying your existing router with DD-WRT open-source firmware, you add functionality far beyond its current capabilities.
In case you’re wondering, the letters “DD” refer to German license-plate letters for Dresden-area vehicles (where project developers lived) while “WRT” refers to the Linksys WRT54G router, a legacy product sold between 2002 and 2004. This router’s enduring popularity manifests itself as today’s WRT54GL, found on Amazon.
DD-WRT gives your router features such as:
endpoint access control (e.g., Wireless Isolation)
quality of service (QoS)
Dynamic DNS (DDNS)
and much more
If the prospect of configuring multiple functions on a WiFi router makes you queasy and you’re satisfied with 802.11g (i.e., ±50 Mbps data speeds) functionality, consider the Linksys WRT54GL router. It’s affordable and setup is easy—including Wireless Isolation. Note that “AP Isolation” on the WRT54GL is turned OFF by default. See this model’s user guide here.
If, on the other hand, you’re willing to transform your home WiFi router into a “super router” using downloaded DD-WRT firmware, watch this video from HelpfulTechVids: It’s the first of a series of tutorials. Also, refer to this howtogeek.com article.
Should I Enable Wireless Isolation on My WiFi Router?
In a word, yes. And if you manage a business with a public WiFi network, in two words—ABSOLUTELY YES. Do you want to give your WiFi patrons access to your business’ servers, printers, peripherals or systems? Didn’t think so.
Wireless Isolation also prevents Man-in-the-Middle (MITM) attacks. Examples of MITM attacks include ARP Spoofing and ARP Poisoning. We spoke of MITM attacks before; my IAG colleague Benmin Smith explains here. Also, see our article on WiFi Pineapple to see how Pineapple MITM works.
Address Resolution Protocol (ARP) Spoofing pings a device to ascertain its physical Ethernet address. A hacker can ping a device by spoofing an access point’s IP address, thereby duping the targeted device into divulging its MAC address. Once that occurs, the barn door is open; all of the target’s data and communication is visible to the hacker.
ARP Poisoning can cause Dedicated Denial of Service (DDoS) attacks at the LAN level by merely hijacking and dropping/not forwarding data packets intended for the targeted user.
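A defender's check for the ARP problems discussed above, added here as an example and not part of the original article: it reads a Linux client's neighbor (ARP) table in the `ip neigh show` format and flags a gateway IP that resolves to an unexpected MAC, a single MAC answering for several IPs, and any peer besides the gateway that the client can resolve, which would mean isolation as described in this article is not in effect. The MAC addresses and the known-good gateway MAC are constructed assumptions; the function names are illustrative.

```python
from collections import defaultdict

# Constructed `ip neigh show` output from a Linux WiFi client (sample data, not a capture).
SAMPLE_NEIGH = """\
192.168.0.1 dev wlan0 lladdr 02:00:00:00:00:66 REACHABLE
192.168.0.23 dev wlan0 lladdr 02:00:00:00:00:66 STALE
192.168.0.40 dev wlan0 lladdr 02:00:00:00:00:40 REACHABLE
192.168.0.77 dev wlan0  FAILED
"""

def parse_neigh(text):
    """Return {ip: mac or None}; unresolved entries (FAILED/INCOMPLETE) have no lladdr."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != "dev":
            continue
        mac = None
        if "lladdr" in fields[:-1]:
            mac = fields[fields.index("lladdr") + 1].lower()
        table[fields[0]] = mac
    return table

def audit(table, gateway_ip, known_gateway_mac):
    """Flag signs of ARP poisoning and of client isolation not being enforced."""
    findings = []
    gw_mac = table.get(gateway_ip)
    # 1. The gateway IP resolves to a MAC other than the router's real one.
    if gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway_ip, gw_mac))
    # 2. One MAC answers for several IPs (a poisoner claims the gateway's IP too).
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac:
            by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    # 3. Any resolved neighbour besides the gateway means peers are reachable,
    #    i.e. isolation as the article describes it is not in effect.
    for ip, mac in table.items():
        if mac and ip != gateway_ip:
            findings.append(("peer-visible", ip, mac))
    return findings

if __name__ == "__main__":
    # known_gateway_mac is an assumed baseline, e.g. read from the router's label.
    for finding in audit(parse_neigh(SAMPLE_NEIGH), "192.168.0.1", "02:00:00:00:00:01"):
        print(finding)
```

On a network where isolation is enforced and nothing is being spoofed, the audit of a table containing only the gateway at its known MAC returns an empty list.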
An easy way to limit users’ Internet access to your WLAN is to appropriately configure your WiFi router using admin controls. Router control is part of the router’s administrative panel (similar to a Control Panel found on a Windows OS) and accessed via either a web browser or an app from the router’s manufacturer.
Note that some Netgear routers allow configuration only through a mobile app (BOO! HISS!). However, you can open the admin panel on many Linksys routers by entering “http://business.linksys.com/” into a web browser accessing your network (Hooray, Cisco!).
To open the admin panel on most legacy routers, type the router’s IP address into the web browser. For example, your intrepid blogger accesses his neighbor’s Cox Communications-issued router by entering “192.168.0.1” into his Opera browser. Please don’t tell her!