Tips On How Small Businesses Can Secure Their Wireless Networks
In a corporate environment, wireless networking should be as secure as your wired LAN, especially with the growing adoption of BYOD (bring your own device).
Today’s employees use smartphones and tablets as an extension of their workstations, which raises concerns of how secure they are from leaks and hacking.
What can businesses do to secure their Wi-Fi network and at the same time tap into all of the resources on the corporate LAN – as well as the cloud -with confidence?
Here are some tips
Don’t rely on WEP encryption.
If your Internet service provider (ISP) set up your Wi-Fi, it likely enabled encryption. This version of encryption, however, may be an older security option that’s now easily breakable: Wired Equivalent Privacy (WEP). The Wired Equivalent Privacy (WEP) encryption method was debunked long ago and provides inadequate Wi-Fi security. The WEP encryption keys can be cracked, in some cases, within minutes. You should use the Wi-Fi Protected Access (WPA or WPA2) encryption method.
Use the Enterprise version of WPA/WPA2
To prevent employees from seeing the encryption keys or passphrases and having them loaded on their computers, you should use the Enterprise version of WPA or WPA2 rather than the Pre Shared Key (PSK) or personal version. Otherwise, when an employee leaves the company, he or she will still have the key to unlock the network. Additionally, their laptop could be stolen and a thief could have the key.
WPA/WPA2-Enterprise hides the actual encryption key; it’s never loaded onto the computers. After everything is configured, users log onto the network with a username and password that can be changed or revoked. Most likely, you will need a professional IT installation for WPA/WPA2
Do Not Leave Ethernet Ports Exposed
Though you can use the latest Wi-Fi encryption, it’s useless if someone plugs directly into a port within the building and can access the network. Moreover, your employees could even plug their own AP into a port, intentionally or not, giving out open wireless access. Make sure that all routers, APs, and network devices are hidden and secure. You could use hard to get into locations like closets, or the space above false ceilings.
Use Extra Encryption (VPNs)
To encrypt the wired side of the network and for double Wi-Fi encryption, you could use VPNs. You can buy a standalone VPN server, install server software on a computer, or purchase a hosted service. Every computer on the network could be configured to connect with the VPN server. Then even the users’ traffic on the wired side of the network will be encrypted and double encrypted over the airwaves.
Eliminate Possible Connection To Other Networks
“We have seen cases when employees were intentionally connecting to neighboring networks because they were faster”, said John Murray, VP of Operations at GCInfotech.
Since computers may be sharing files or have sensitive data on them, you need to prevent them from connecting to other networks. Check Windows to make sure it isn’t set to auto connect to available networks. In Vista, you can even use the WLAN commands for the Netsh utility to block all networks but yours.
Keep Hardware Updated
Securing your network and computers requires some maintenance. You need to periodically check for firmware updates for the router, access points, and other network components. You also need to keep track of the network adapters that are loaded in the computers and update them with new drivers if and when they become available. Additionally, make sure the operating systems on all the machines are kept update-to-date with security patches and fixes. Keeping everything maintained will help ensure any known vulnerabilities are addressed and any new security features are supported.