Wireless local area networks (WLANs) are convenient, cheap and easy to install. They allow for mobility around the office and deliver greater flexibility. But unfortunately they can also be very insecure unless you take the appropriate precautions.
An insecure network leaves you open to eavesdroppers who could dig into your business files to undercut your prices or change data within your systems for fun or for fraud.
But there are ways to stay secure. Follow these five easy steps and you will be well on your way to secure, hassle-free wireless communication.
1. Common sense security
- Don't assume that your business is of little interest to hackers - they often do what they do just for fun. They may also use your business to cause damage to someone else (e.g. infiltrating your insecure network to send out virus infected information). These attacks would then appear to come from you, protecting the hacker's identity and exposing yours.
- Try to position access points (which transfer data between your wireless devices) away from outside walls to prevent leakage of radio signals. This limits the chance of interception from outside
- If possible, use a firewall to isolate your WLAN from the rest of your network
- Keep the software and/or firmware for your wireless devices up to date. This makes it much more difficult for hackers to exploit.
2. Choose equipment carefully
- Selecting the right equipment for your needs is a critical step in a successful wireless deployment. Seek out devices that support WiFi Protected Access (WPA) or ideally WPA2 (government grade security).
- Refer to the WiFi Alliance website (www.wi-fi.org) to make sure you select genuine, certified WPA and WPA2 devices.
- Use WEP (Wired Equivalent Privacy) only as a last resort and, wherever possible, only in conjunction with IP VPN technologies (e.g. PPTP, IPSec for SSL). WEP is not considered secure.
3. Use a VPN
- Consider using IP VPN technologies for additional security; running PPTP, IPSec or SSL from your client device (e.g. laptop or desktop) over your wireless network to a secure point (e.g. a firewall) provides enhanced security. By doing so, even if there is a vulnerability in your wireless security implementation your data will be safe.
4. Configure security settings
- Avoid the impulse to “Plug & Play” when installing a wireless network! Out-of-the-box security settings are unlikely to be sufficient; seek advice from an expert if you are unsure of how best to configure your wireless equipment
- Enable encryption. The longer the encryption key the better (20 random characters containing letters, numbers and symbols is considered strong)
- Filter MAC (media access control) addresses, so that only 'permitted' devices can access the wireless network. This is only appropriate in instances where all users or 'regular' or 'known'.
- Don't go for the obvious when you select a name for your wireless LAN. For example, if your company name is 'Phillips and Son Lawyers' don't call it 'Phillips'. Any intruder would quickly put two and two together and know which company the wireless network belongs to.
- Don't advertise your wireless network. By default, many wireless access points are configured to advertise your wireless LAN ID, making it clearly visible to anyone in the surrounding area with a wireless network client.
- Reduce the transmitter power of your wireless access point so that the signal is not available beyond where it's needed. If you just need wireless access in your office, there's no need to make it available over your entire neighbourhood.
5. Use strong authentication
- Consider using 802.1x with certificates for stronger authentication (note, this requires a Radius server and is more complex to set up but is definitely more secure). Making your information as hard as possible to read will instantly deter an eavesdropper and they will go for an easier target.
- If you are using a pre-shared key (i.e. you are not using 802.1x for authentication), your key should be long and complex. Don't use dictionary words or names (e.g. the name of a family member or pet) as these are significantly easier to guess and therefore susceptible to brute force (dictionary) attacks. Use something obscure mixing letters, numbers and symbols. If you need to retain a written or printed copy of your key for later reference, make sure you keep it somewhere secure (i.e. don't put it on a sticky note on your screen).