Wireless networks are becoming more and more prevalent in every office. How does a company balance the different needs of employees, suppliers, contractors and guests while maintaining some semblance of security? Wireless security is an active process, not something that can be set and forgotten. Below are eight of my recommendations for keeping wireless networks secure.
- Create a guest network. Have office guests, suppliers, contractors and employee-owned devices attach to a guest network. The guest network should have no connection to the internal network, and it should have intrusion prevention and anti-virus scanning enabled and monitored. If Internet bandwidth is shared with the internal network, the guest network should also have a cap on its maximum allowed speed to prevent interference with daily business operations.
- Hide the internal wireless network. Do not broadcast the SSID. It is hard to break into something that is not advertised. Don't put the SSID name or password on prominent display in the office.
- Minimize the wireless footprint. Use a tool (I like Wifi Analyzer by farproc on my Android phone) to test how far the wireless network reaches. Does it cover the entire parking lot in front of the office? Does it cover 5 floors in a multi-tenant building? Reduce the antenna power to cover only the space the office occupies.
- Utilize edge security services on your wireless network. Enable Firewall, Intrusion Detection/Prevention, Anti-Virus and Anti-Spam. If the wireless device allows it, disable access to countries that you do not do business with. (SonicWall and Palo Alto firewalls have a Geo-location service that allows blocking of countries that you do not do business with.)
- Automatically turn off your wireless networks during non-business hours. Why risk someone sitting near the office spending hours trying to hack into the network? Having the wireless turned off prevents this issue.
- Review network security. Set up a schedule to review network security. It could be annual, semi-annual or even monthly. The point of reviewing the network is to stop and think about the current wireless configuration and any new threats that may exist, and to adapt security practices to thwart them.
- Monitor wireless access logs. Proactively monitor the logs for the wireless network to identify issues quickly. Look for things out of the ordinary. The log also serves as a forensic analysis tool if something does happen. (I like WhatsUpGold Log Management to aggregate the logs from multiple sources into one location for review.)
- Change the wireless password. Do this after an employee leaves and on a regular schedule. Consider more frequent changes for internal wireless networks, or use two-factor authentication.
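
As an added example (not from the original post or any vendor's tooling), here is one way to look for "things out of the ordinary" in wireless logs: it flags activity on the internal SSID outside business hours and clients with repeated authentication failures. The log format, the SSID names `corp-int` and `guest`, the 07:00-19:00 weekday business hours and the thresholds are all assumptions; adapt the regular expression to what your access points actually emit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format; adapt LINE_RE to your AP's real syslog output.
SAMPLE_LOG = """\
2024-03-04 09:12:41 ap1 ssid=corp-int mac=aa:bb:cc:00:00:01 event=assoc
2024-03-04 13:05:10 ap1 ssid=corp-int mac=aa:bb:cc:00:00:02 event=auth_fail
2024-03-04 23:41:02 ap2 ssid=corp-int mac=de:ad:be:00:00:09 event=auth_fail
2024-03-04 23:41:30 ap2 ssid=corp-int mac=de:ad:be:00:00:09 event=auth_fail
2024-03-04 23:43:15 ap2 ssid=corp-int mac=de:ad:be:00:00:09 event=auth_fail
2024-03-04 23:47:59 ap2 ssid=corp-int mac=de:ad:be:00:00:09 event=assoc
2024-03-05 10:00:00 ap1 ssid=guest mac=aa:bb:cc:00:00:03 event=assoc
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<ap>\S+) ssid=(?P<ssid>\S+) "
    r"mac=(?P<mac>[0-9a-f:]{17}) event=(?P<event>\w+)")

def parse(text):
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:  # lines that do not match the expected format are skipped
            yield {**m.groupdict(), "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")}

def after_hours(events, ssid, open_hour=7, close_hour=19):
    """Events on `ssid` on a weekend or outside open_hour..close_hour (assumed schedule)."""
    return [e for e in events if e["ssid"] == ssid and
            (e["ts"].weekday() >= 5 or not open_hour <= e["ts"].hour < close_hour)]

def failure_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """MACs with at least `threshold` auth failures inside any `window`."""
    by_mac = defaultdict(list)
    for e in events:
        if e["event"] == "auth_fail":
            by_mac[e["mac"]].append(e["ts"])
    flagged = set()
    for mac, times in by_mac.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.add(mac)
    return flagged

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    for e in after_hours(events, "corp-int"):
        print("after hours:", e["ts"], e["ap"], e["mac"], e["event"])
    print("failure bursts:", sorted(failure_bursts(events)))
```

If the wireless is scheduled off outside business hours, any after-hours event on the internal SSID also tells you the schedule is not being applied.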