Wireless connections are convenient, but deploying them carelessly can pose serious security risks. Unless they are well protected, intruders can get into the network without going inside the office or touching the equipment. They can bypass its defenses and steal data or install malware.
Proper wireless management will keep these risks to a minimum. Only authorized people and devices should be able to use your wireless network. To keep the access points safe, you need to set them up correctly and give their use ongoing attention.
Securing the access points
The easiest and worst way to set up an access point is to make it public. There is no password, and anyone can get into the network. Worse yet, anyone within range can use some simple equipment to intercept all the data going back and forth. They can read passwords, email, database responses — anything.
Shopping malls and libraries use public access points because they are convenient, but they put them on networks that do nothing but connect through to the Internet. There is nothing to steal. A network that holds business data needs to be more cautious.
Business networks should always select a secure access protocol for their networks. They admit only users who have the password. Equally important, they encrypt all traffic. Anyone intercepting the data will see only meaningless bits.
The designers of wireless protocols have created several over the years. The older ones, WEP and WPA, have known flaws that severely weaken their security. The state of the art is WPA2. It's been around long enough that every device that is not ancient supports it, so there is no excuse for using less.
Keeping access points updated with the latest firmware is important. Last year, a vulnerability was discovered that affected all WPA2 access points. Firmware patches are available now for most devices to avoid the problem. Access points that never get updates, though, could be exploited, letting an intruder decode encrypted data.
The password needs to be a strong one. If it is one that's easy to guess, like the company name, the access point will not stay secure for long.
After setting up a secure network, good practices will further help to avoid break-ins. Here are some steps, most of them relatively easy, to take:
Most access points allow administrative access to change their settings. Change the administrative account and password from the default (typically something like "admin" and "111111") to something else. If you have the option, allow access to the account only from the local network.
Set policies on what devices people can use to access the network. A BYOD (bring your own device) policy is convenient for employees, but letting possibly infected phones onto the network is dangerous. Only devices with approved configurations should have access to the network. Mobile device management software is available to enforce policies.
Use an SSID (access point name) that provides no identifying information. There is no point in calling attention to your network. You do not have to be cryptic; something unique and neutral like "WIRELESS7520" will do nicely.
If it is feasible, segment the network so that wireless devices do not have access to sensitive data. Usually, there is no need for them to have direct access to databases.
Enable the access point's firewall if it has one, or put a firewall behind the access point. That will make it harder for infected devices or intruders to do damage.
If you can control the signal strength, make it just strong enough to cover the area of legitimate use. The closer the bad guys have to get, the fewer chances they have. This is only mild protection, though, so avoid turning the signal down so much that authorized users have slow connections.
Keep your access points physically secure. Protecting any device against people with hands-on access is hard.
You never know who is lurking outside your office walls. Paying attention to wireless security will make your network safer and prevent costly problems. Total Computer Solutions can provide the network security expertise to protect against cyber-attack and assess the security risks to your business from inside or outside of the organization. We have made it our mission to provide the customized computer solutions which are best suited for your smooth day-to-day digital applications so don't hesitate to contact us.