Secure Default Settings for Wireless Access Points
Ensure wireless access points are secured by updating default settings for enhanced protection.
Plain language
When you get a new wireless router for your office or school, it's important to change the default settings it comes with. These defaults are like the factory presets, and if left unchanged, they can be an easy way in for hackers. By updating these settings, you add a layer of protection to your network, keeping your sensitive information safe from potential intruders.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2023
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
Settings for wireless access points are hardened.
Why it matters
Failure to harden wireless access points from default settings can allow unauthorised access, interception of traffic and data breaches.
Operational notes
Review access point defaults regularly: change admin credentials, enforce WPA2/3 encryption, disable WPS, and remove unused SSIDs/services.
Implementation tips
- The IT team should identify all wireless access points in use. They can do this by reviewing network equipment inventories and conducting a physical inspection of areas with network coverage. This ensures that every device in use is accounted for and ready for secure configuration.
- IT managers must change the default usernames and passwords on all wireless routers. To do this, log into each device using an admin account and update the login credentials to something unique and difficult to guess. This step ensures that unauthorized users cannot easily gain access using factory-set credentials.
- Network administrators should disable remote management features unless they are absolutely necessary. They can do this via the router's settings menu. Disabling remote access reduces the risk of an external attack where network settings can be changed maliciously from outside the building.
- The IT department should enable encryption protocols like WPA3 on all wireless access points. Access the router's security settings and select the strongest available encryption to protect data transmitted over the network. This prevents eavesdroppers from intercepting wireless communications.
- IT staff should regularly review and update the firmware of wireless routers. To do this, check the manufacturer's website for firmware updates and install them as soon as they are available. Keeping firmware updated ensures that security patches are applied to protect against known vulnerabilities.
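The checks listed in the operational notes and implementation tips can be run over an access point inventory, as in this added example (not part of the ISM or of this page's source). The record field names, the list of factory usernames and the 90-day firmware review interval are assumptions, and the inventory is constructed sample data.

```python
from datetime import date

FACTORY_USERS = {"admin", "administrator", "root", "user"}  # assumed common defaults
ACCEPTED_ENCRYPTION = {"WPA2", "WPA3"}                      # from the operational notes
MAX_FIRMWARE_REVIEW_AGE_DAYS = 90                           # assumed review interval

# Constructed inventory records; the field names are hypothetical.
INVENTORY = [
    {"name": "ap-lobby", "admin_user": "admin", "password_changed": False,
     "encryption": "WPA", "wps": True, "remote_mgmt": True, "remote_mgmt_reason": "",
     "ssids": ["corp", "setup-5G"], "approved_ssids": ["corp"],
     "firmware_reviewed": "2025-01-10"},
    {"name": "ap-lab", "admin_user": "netops-lab", "password_changed": True,
     "encryption": "WPA3", "wps": False, "remote_mgmt": True,
     "remote_mgmt_reason": "managed from central controller",
     "ssids": ["corp"], "approved_ssids": ["corp"],
     "firmware_reviewed": "2026-02-20"},
]

def audit(ap, today):
    """Return the list of hardening findings for one access point record."""
    findings = []
    if ap["admin_user"].lower() in FACTORY_USERS or not ap["password_changed"]:
        findings.append("default admin credentials")
    if ap["encryption"].upper() not in ACCEPTED_ENCRYPTION:
        findings.append("encryption is not WPA2/WPA3")
    if ap["wps"]:
        findings.append("WPS enabled")
    if ap["remote_mgmt"] and not ap["remote_mgmt_reason"].strip():
        findings.append("remote management enabled without documented need")
    extra = sorted(set(ap["ssids"]) - set(ap["approved_ssids"]))
    if extra:
        findings.append("unapproved SSIDs: " + ", ".join(extra))
    age = (today - date.fromisoformat(ap["firmware_reviewed"])).days
    if age > MAX_FIRMWARE_REVIEW_AGE_DAYS:
        findings.append(f"firmware not reviewed for {age} days")
    return findings

def audit_inventory(inventory, today):
    """Map each access point name to its findings; an empty list means compliant."""
    return {ap["name"]: audit(ap, today) for ap in inventory}

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, date(2026, 3, 19)).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The per-device findings can be kept with the audit evidence, alongside the documented reason for any access point that keeps remote management enabled.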
Audit / evidence tips
- Ask: a list of all wireless access points
  Good: is documentation showing the new credentials while ensuring they follow strong password guidelines
- Good: security reports showing all access points with active encryption settings as recommended
- Ask: records of remote management settings
  Good: includes a record or configuration screenshot showing remote management disabled except where an explicit need is evidenced
- Good: is a log showing recent firmware updates and current versions, with dates aligning with manufacturer release dates
- Ask: IT policy on regular review and update of wireless settings
  Good: policy actively outlines a schedule and assigns roles to ensure ongoing compliance
Cross-framework mappings
How ISM-1710 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (2) | | |
| Annex A 8.9 | ISM-1710 requires wireless access points to be hardened by changing insecure default settings and applying secure configuration | |
| Annex A 8.20 | ISM-1710 focuses on hardening wireless access points by securing default settings to reduce exposure on the network edge | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.