A wireless network in your business gives your team the convenience of being able to use their mobile devices or computers from anywhere in your building. Unfortunately, without the proper security, your wireless networks can be vulnerable to attacks from hackers who want to steal your business data or customer information. By employing some wireless network security best practices, you can keep your system and business information safe.
Keep Internal and Guest Users Separate
When guests visit your business, they’ll likely want access to your wireless network. While this is a great benefit to offer your customers, it is important to keep their access separate from that of your internal users. With all of the WiFi technological advances out there, it is easy enough to allow guests to use your wireless network while segregating them to only have Internet access. Unless they require the ability to get to internal resources, ensuring that they are kept separate can help to keep your business secure.
Use Wi-Fi Protected Access 2 (WPA2)
WPA2 is a security protocol that uses all the important security elements associated in the 802.11i IEEE security specification, and it will help to keep your business wireless network secure. There are two different types that you need to know about:
- WPA2 Enterprise. This type uses 802.1x authentication
- WPA2 Personal. This type uses a standard pre-shared key
When it comes to keeping your business secure, WPA2 Enterprise is your best option, as it will require all users to authenticate using their own unique username and password.
Physically Secure Access Points
The wireless LAN for your business will need to be evenly distributed, so this may lead to access points in some inconvenient locations. You may need to place equipment in ceilings or closets so that all users are able to access your wireless network when necessary. While it may be difficult, it is important to try and physically secure these access points as best as possible in order to prevent tampering or theft. Some of the most advanced access points will allow you to mount the device in place and secure it with a lock. In addition to this physical security, you should also make sure that local access to your WAP requires the use of a unique password.
Limit Your WiFi Signal Strength
When it comes to your business WiFi, a strong signal isn’t always a good thing. While you need your signal to be high enough for your employees and internal users to get their work done, you don’t want unauthorized users to have access to it. In terms of security, you should aim to provide sufficient WiFI coverage only to areas where it will be required. If your signal extends beyond the walls of your building and out into public areas, you may be putting your business at risk. People who might attempt to interfere with your wireless signal or break into your network will have access to your system.
Use Rogue Access Point Detection
Rogue wireless access points are unauthorized access points that have been installed onto a secure network. Rogue access points can interfere with the operation of your network and can cause damage in a variety of ways:
- Allow a hacker to initiate a “man-in-the-middle” attack
- Flood your network with useless data
- Send false SSIDS advertising attractive features
- Provide a way to steal company information
Obviously, this can pose a serious threat to your network security, so it is crucial that you have the right systems in place that will actively monitor your WLAN against these problems. There are a variety of ways that you can make it more difficult for a rogue to access your network, including changing your rogue classification rules and eliminating benign access points from your rouge list so that the actual rogues stand out.
Use Wireless Intrusion Prevention Systems
In order to keep your system safe, you can include a dedicated wireless intrusion prevention system (IPS) within your wireless security. These devices work by monitoring and detecting more nefarious and targeted WLAN attacks that use AP spoofing, packet floods, malicious broadcasts, and other techniques.
Network intrusion prevention systems such as Snort are a preemptive approach to keeping a network secure, as it can identify potential threats and handle them quickly. Similar to intrusion detection, these systems monitor network traffic, but they also have the ability to take swift action against a possible exploit based on a set of rules that have been established by your network administrator.
Practice Mobile Device Management
Mobile device management (MDM) is a helpful security element that allows you to quarantine devices that aren’t up to your security standards. There are several benefits to mobile device management, all of which are based on protecting the integrity of your business network and the data that it houses, including:
The ability to track and monitor regulatory compliance initiatives
Remotely manage users and their devices, including the ability to remotely disable or disconnect unauthorized users
Centrally audit and control device updates
Extend the security protocols of your organization to protect the mobile devices on your network
The benefits of mobile device management give you the chance to accept mobile devices without worrying that your security or data will be compromised.
Support Legacy WiFi Devices
Not all of the mobile devices that attempt to use your network will be the latest technology. You need to keep in mind that some older devices won’t have the capabilities to meet your best practice implementation standards. For example, wireless printers may last for a long time, but as your network technology changes, they may no longer be supported. In situations where devices aren’t able to use the most secure form of WiFi encryption and authentication, it is in your best interest to place these devices onto their own virtual network.
Wireless networks are preferred by many businesses, as they allow for greater usage of mobile devices. However, in order to get the most out of these systems, it is important that they have proper security protocols in place.
