Wi-Fi networks are a great innovation that allows us to gain internet access without the need for a bunch of messy wiring. While the convenience supplied by Wi-Fi networks cannot be questioned, their security can bring about certain problems, especially if their configuration is lacking. Over time, there have been many beliefs presented on the best practices when it comes to Wi-Fi network security. Some of those beliefs have merit, while others are outdated. This article will help bring you up to speed on Wi-Fi network practices to employ to avoid any negative security issues.
Avoid WEP Security
In your wireless routerís settings, you have the option to choose the security mode you want to employ. WEP, which stands for wired equivalent privacy, is a mode that is outdated. Novice hackers can break through its walls, and there are better options out there that offer more protection, such as WPA2. Should you find that your router does not support WPA2, or Wi-Fi protected access, see if there are any firmware upgrades available. Otherwise, you are better off making the investment to upgrade your router.
Avoid PSK Mode for Business Setups
When using either WPA or WPA-2 security, stay away from the PSK mode. This mode uses a pre-shared key that is essentially a matching password that must be entered into various clients. Since the key is being shared by multiple people, a business will run into the problem of having to change the key each time a person leaves the company, and it will then have to be re-entered all over again.
Enable 802.1x Authentication
One way around the use of PSKs in the workplace is the EAP, or extensible authentication protocol, mode. EAP skips PSKs and opts for 802.1x authentication instead. The advantage of this is that each user on the network can have their login credentials. This makes life easier for admins because access per user can be revoked with ease, as opposed to changing the PSK on every client. The problem that comes with traffic eavesdropping is also averted using this method. One thing to keep in mind is that you want to ensure that EAP client settings are secured to prevent any attacks. One way in which you can accomplish this in Windows is by enabling server certificate validation.
Use a Network Access Protection or Network Access Control Solution
Network Access Protection (NAP) or Network Access Control (NAC) solutions add extra layers of security to your network. Solutions in this realm include Microsoftís NAP functionality which is found in Windows Server 2008 or later and Windows Vista or later on the client side, or you could go for the third party route with a solution such as PacketFence.
Make Use of WIPS
WIPS, short for wireless intrusion protection prevention system, is a solution that adds an extra level of protection to your network by detecting and fighting off instances where hackers may have tried to launch denial of service attacks or have set up rogue access points. Think of it as a watch dog for your network. Some examples of WIPS on the market include those offered by AirMagnet and Snort.
Hidden SSIDs and MAC Address Filtering are Not Foolproof
In the past, many have argued that disabling the broadcasting of SSIDs, or the public names of wireless networks, offered additional security. While this does remove some network visibility, an experienced hacker can still detect a hidden SSID with the right tools. If you elect to hide the SSID, you will also have to perform extra work when it comes to network configuration, as it will be necessary to input the SSID manually into clients.
On the topic of MAC address filtering, this is another practice that does give you some extra security, but nothing that an experienced hacker cannot work around. Like hidden SSIDs, MAC address filtering adds extra configuration work as well.
Filter SSID Connections
If you are a network admin in an area that has a lot of wireless networks nearby, itís a good idea to limit which SSIDs users can connect to. This will avoid any accidents regarding intrusion should they accidentally connect to an unauthorized network. Such filtering can be accomplished in Windows via the netsh wlan commands that are found in Windows Vista and later.
Physical Security is Key
You could institute all the secure technology around, but if you lack physical security for your network, problems could arise if someone resets your access point to the factory defaults. It would be a shame if you invested a lot of time and energy in securing your network to only have it ruined because you left your access point in a highly visible area. Access points should be hidden and out of sight of regular everyday traffic to avoid any issues.
For more on this topic, visit http://www.cio.com/article/693420/Wi_Fi_Security_Tips_11_Do_s_and_Don_ts?page=1#slideshow
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting How-Tos Articles
More By wubayou