Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: dmeyer@rcrwireless.com.
Wireless connections come with inherent risks – as noted by a recent Value Walk article, criminals have moved past breaching simple office networks to now hacking into wireless-enabled vehicles like Tesla’s Model S. Bottom line: if constantly moving connections, which often require hackers to be less than 900 feet away, are under siege, companies using more traditional wireless and wired connection points can become easy targets. Here’s the lowdown on securing both types of networks.
Wired: draw a map
Wired networks often resemble complex, multi-layered city plans – firewalls, routers, switches, user devices and wireless access points form the streets and alleyways of this virtual municipality. As a result, it’s easy to add new connections without properly documenting their location or interdependence on other resources. Create a current and complete network diagram; this not only helps identify vulnerable network elements but also will help to quickly find breach points in the event of an attack.
Wireless: use WPA2
In 2003, the Wi-Fi Alliance shelved WEP encryption in favor of WPA, which has since been supplanted by WPA2. The difference? WPA2 includes mandatory use of advanced encryption standard algorithms in addition to the counter cipher mode with block chaining message authentication code protocol. While WPA2 isn’t perfect, it’s the best bet for any company running a wireless network.
Wired: update regularly
With so many network components to maintain, it’s easy to put off or ignore small updates. Don’t. Updates to firmware and software are almost always developed to counter security vulnerabilities, even if they’re low risk. The longer a wired network goes without updates, the greater chance of a security breach.
Wireless: improve the ‘passphrase’
When multiple employees connect to a wireless network, it only makes sense to create a common “passphrase.” Low-strength phrases, however, such as a common words or serial sets of numbers are easily guessed by password-breaking software. To maximize the protection of a wireless network, use either a long phrase (25 characters or more), or a set of random words with no relation since both significantly decrease the ability for the passphrase to be broken.
Wired: see above
Passwords are also important for wired networks. Here, employees typically log on to the network using individual access credentials, meaning IT professionals must be diligent in making sure passwords are regularly changed and meet specific complexity standards.
Wireless: sniff out rogues
Rogue access points may be set up by well-meaning employees or malicious actors that are outside the control of local IT. To detect them, use a mobile device running software like Vistumbler or Airodump-ng.
Wired: consider two-factor authentication
In addition to username and password, it’s a good idea to up the ante with two-factor authentication. According to PCMag, there are three general identity factors: Something users know, like a password; something users control, such as a USB token; and something they inherently possess, for example, a fingerprint. Two-factor authentication uses at least two of these identity forms to increase security.
Wireless: create alternatives
Many companies offer free Wi-Fi access to visiting business associates or clients. This is a good idea, but only when kept separate from internal networks. Use WPA2 to protect guests from anyone trying to access their connection – just make sure to pick a unique passphrase and service set identifier.
Wired: segregate traffic
If routers and switches support IEEE 802.11Q specifications, consider using virtual local access networks to segregate network traffic. VLANs let IT admins group wireless access, Ethernet ports or specific users together and can also be used to simplify traffic monitoring by grouping services of the same type, such as voice over Internet protocol.
Wireless: don’t waste your time
As noted above, there are multiple ways to improve network security. There are also myths, however, which can waste company time. For example, don’t bother hiding a wireless connection’s SSID, limiting its IP address pool or enabling MAC address filtering – while these techniques make networks more difficult to spot, they do nothing to deter hackers. Instead, focus on strong encryption backed by complex passphrases and IT oversight.
John Grady is senior manager of product marketing at XO Communications.
Reader Forum: Key strategies to keep your network secure
ABOUT AUTHOR