Wireless Security in your Business
Securing your business’s wireless network must be a top consideration when purchasing and installing a new network or examining an existing one. For small and medium-sized businesses, security is becoming ever more necessary. Here are some tips and suggestions that will help secure your company’s wireless network.
1 – Create an authorized user list
One of the first things that should be factored into your wireless network is how many users are going to be supported on it. Maintaining a list of users that have access to the network will make it easier to detect if unauthorized access to the network has occurred. Wireless routers and wireless access points have a log that displays what computers are on the network and what they are accessing. Without knowing exactly who has which computer, reviewing that log can become a very daunting task.
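The comparison described above can be automated. The following is an added example, not part of the original article: it checks association records from a router log against an authorized-device list and reports devices that are not on it. The log format, MAC addresses and owner names are constructed for illustration; real router logs differ by vendor.

```python
import re
from collections import defaultdict

# Constructed inventory: MAC -> (owner, device). Replace with your own list.
AUTHORIZED = {
    "3c:22:fb:10:4e:a1": ("J. Alvarez", "accounting laptop"),
    "a4:83:e7:5b:90:0c": ("M. Chen", "front-desk tablet"),
    "00:1b:63:84:45:e6": ("shared", "office printer"),
}

# Constructed log lines in a hypothetical format; real routers differ.
SAMPLE_LOG = """\
2024-03-04 08:12:31 ASSOC mac=3C:22:FB:10:4E:A1 ip=192.168.10.21
2024-03-04 08:15:02 ASSOC mac=A4-83-E7-5B-90-0C ip=192.168.10.22
2024-03-04 12:40:17 ASSOC mac=DE:AD:10:77:21:9F ip=192.168.10.57
2024-03-04 12:58:44 ASSOC mac=de:ad:10:77:21:9f ip=192.168.10.57
2024-03-04 13:05:09 ASSOC mac=F0:18:98:3A:6D:12 ip=192.168.10.58
2024-03-04 13:06:00 router rebooted
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ASSOC "
                     r"mac=(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")

def normalize_mac(mac):
    """Lower-case, colon-separated form so log and inventory entries compare equal."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set, as randomized 'private' MACs do."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(log_text, authorized):
    """Return (unknown, unseen): unknown MACs with stats, inventory MACs never seen."""
    allowed = {normalize_mac(m) for m in authorized}
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not association records are skipped
            seen[normalize_mac(m["mac"])].append(m["ts"])
    unknown = {
        mac: {"first": ts[0], "last": ts[-1], "count": len(ts),
              "randomized": is_locally_administered(mac)}
        for mac, ts in seen.items() if mac not in allowed
    }
    unseen = sorted(allowed - set(seen))
    return unknown, unseen

if __name__ == "__main__":
    for label, result in zip(("unknown", "not seen"), audit(SAMPLE_LOG, AUTHORIZED)):
        print(label, result)
```

An unknown device flagged as `randomized` is using a locally administered address, so it cannot be matched to the inventory by MAC alone and has to be identified another way, for example by asking the user to disable address randomization for the office network.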
2 – Limit the wireless signal
Next, how large is the space that you are providing wireless access to? A good, strong signal is important to authorized users, but it is also attractive to unauthorized intruders. Keeping the signal within the confines of the business is important to prevent things like warchalking (the marking of a building to advertise that it has an open Wi-Fi network). In most cases, signal strength can be turned down to keep the broadcast within a certain area. Wireless access points and routers can also be purchased with directional antennas that broadcast in only certain directions rather than a complete radius. This allows administrators to focus the signal in the direction that benefits authorized users the most.
3 – Hide the SSID
Wireless routers and access points broadcast their SSID (Service Set IDentifier) by default to make it easier for devices to discover the network. Hiding the broadcast SSID is another feature of many wireless routers and access points that enables the administrator of the network to make Wi-Fi access undiscoverable by unknown users. This is one feature that can allow the administrator to control who has access to the network and who does not, by sharing the network name only with authorized users.
4 – MAC address filtering
Use MAC (Media Access Control) address filtering. This is a great option to further restrict access to your wireless network. MAC addresses are unique identifiers that are assigned directly to the network interface card and are used by the network to keep track of which computer is which. Filtering these addresses from within the router or wireless access point gives network administrators the ability to only allow computers or devices with a specific MAC address onto the network. If a device does not have a MAC address that the router recognizes, then access is denied.
5 – Enable wireless encryption
Now, let’s take a look at encryption. Using some form of wireless encryption is far better than using nothing at all. Some types of encryption are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access version 2 (WPA2). The two biggest shortcomings of WEP are that it uses the same encryption key across all devices and that, because of the weaker strength of this encryption type, it is more easily cracked than WPA. WPA and WPA2 are designed to use the 802.11i wireless LAN security standard. WPA was the first version and addressed the shortcomings of WEP by employing the Temporal Key Integrity Protocol (TKIP). TKIP improves on the WEP encryption method by wrapping the original WEP packet in a temporary, randomly generated 128-bit encryption for each packet delivered to the network. WPA, however, is only a partial implementation of the 802.11i standard. WPA2 is the full implementation of the standard and, rather than TKIP, favors Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). Some of the advantages of CCMP over TKIP are data confidentiality, authentication, and access control. Since 2006, WPA2 has been required for all devices to be Wi-Fi certified. In summary, WEP provides better-than-nothing security, WPA provides better security and WPA2 provides the best security.
6 – Create strong passwords
Finally, come up with a strong password for the network. Your wireless access password should follow many of the same rules as any other password policy you may be deploying. The password should be something that is easily remembered but hard for someone to guess. Using numbers and special characters to represent letters and the use of phonetic passwords is recommended. Changing these passwords on a regular basis can also be useful, but if done too often it can lead to one of the simplest and most effective password cracking techniques: employees writing the password down and leaving it somewhere that can be seen by an unauthorized user.
Now let’s recap.
- Develop and maintain a list of authorized network users.
- Limit the unnecessary projection of the signal outside of the company’s walls.
- Consider hiding the SSID to make it more difficult for unauthorized users to detect the network.
- Use MAC address filtering so that the router or wireless access point only allows access by devices whose MAC address it recognizes.
- Enable wireless encryption. Again, having some form of wireless encryption is better than having no encryption at all.
- Come up with the best password possible for your wireless network and make it a part of your password generation and renewal procedure.
There are a number of network equipment manufacturers, like Extreme Networks, that are able to manage your wireless network centrally and integrate it with your other systems, like Microsoft Active Directory or other directory services. Contact us to see how we can help you secure your network.