Securing a Wi-Fi network
How to make your wireless network safe
Small businesses are increasingly using Wi-Fi to set-up IT networks quickly. But with limited technical knowledge, how can they go about ensuring their network is set up securely?
Wi-Fi deployment within an organisation exposes the company’s internal network outside the physical constraints typically associated with wired networks. This is particularly a concern should the business also decide to integrate its internal servers and databases with the wireless network.
Wireless security threats
What are the security threats? The more common threats include the following:
- Computer attacks from the outside
- Unauthorised access
- Disclosure of sensitive/confidential information
- Denial of service
- Encryption algorithm cracking of weaker algorithms (e.g. WEP)
- Creation of rogue wireless access points
Administrators should be aware of warning signs, such as network performance degradation, loss of availability on a regular basis or clients with an increasing number of pop-ups and viruses.
We find that almost all organisations have a neighbouring office with an unsecured, open wireless network. This can expose their computers, and potentially the internal servers, to an attack or unauthorised access to the network. Another common problem is interference from a wireless network nearby.
Wi-Fi security walkthrough
By default, wireless routers straight out of the box are inherently not secure. Thus, many router vendors make it easy for the non-technical user to secure the router by supplying a manual which clearly illustrates the steps to take. But to ensure effectiveness of the security measures and of the internal network itself it is always a good idea to hire a security specialist to do this for you and help you implement scalable security which will maintain the security level as the network grows.
Here is a walkthrough to the key security measures which should be included in the overall plan and which may not necessarily be detailed in user manuals:
- Perform a risk assessment
- Establish and enforce a wireless network security policy
- Put the wireless router in a secured environment
- Harden the wireless access point
- Turn the Wireless Access Point (WAP) off when not in use
- Implement a Virtual Private Network (VPN) if highly sensitive information is accessible from the wireless network
- Where possible, activate the additional security functions on the router
- Regularly update the firmware and the router operating system
- Enable auditing on the wireless router
- Implement the three step security: Install anti-virus software, implement a firewall and perform regular updates of the operating system
As with all security solutions, small businesses must end-up with a trade between risk, usability, cost, complexity and functionality. However, the functionality now exists to secure wireless networks while still keeping a simple infrastructure and the costs down. Endpoint security and wireless security management tools are now more affordable and are increasingly successful at defending networks against the major threats to Wi-Fi systems, such as denial of service attacks and wireless network sniffers.
Securing a wireless network is not rocket science but with the increasing number of security threats and incidents it is important to take careful steps to plan well, enforce security before you go live and to regularly monitor and keep the security plan up-to-date.
This article was written by Roy Harari managing director of IT security consultancy, Comsec