It seems like every few months I have to set up a wireless network for someone. And while it's certainly an easy task I am fairly sure that the security choices people make in the process are probably not the most iron-clad.
Whether by design or by default, every company and, now, most homes have a wireless network. Unless you understand, control, and manage this network, you are creating vulnerabilities that threaten network security. As more and more companies begin using wireless as a primary medium for data services, including VoIP and video, preventive measures should be taken to better safeguard your Wi-Fi.
I spoke with Jay Botelho, director of product management at WildPackets, who provided three tips to safeguard a wireless network:
1. Ad-hoc mode: Turn it off--forever.
I'm amazed how often I continue to see laptops in public places, like airports, coffee shops and trade shows, that are configured with ad-hoc mode enabled. Just "view available wireless networks" next time you're in a public place and I'm sure you'll find a neighbor or two with ad-hoc mode enabled. If they're a colleague of yours, do them a favor and tell them to disable ad-hoc mode--forever. There's nothing it can do for them, except create a possible security breach. And whatever you do, don't connect to an unknown ad-hoc network. You may just be taking someone else's bait.
2. Use WPA-2.
The word has been out for awhile, but usage of sub-standard wireless authentication/encryption, including WEP, is still prevalent. There's no reason to be using anything except WPA-2. Every wireless adapter and every AP for sale today supports WPA-2. Some of your gear is 4-plus years old and doesn't support WPA-2? Replace it! I'm sure there are some killer deals at your local electronics store. And the risk far, far outweighs the expense. You don't have to look far to find evidence of this--remember ?
3. Establish firm security policies.
The above concrete actions are just examples of what is truly needed: a complete security policy for your organization. The policy must tie overall network security with wireless security. It's all one network--it needs a single unified policy that incorporates all levels of network access. Wireless is only one of them.
Follow me on Twitter @daveofdoom