Protecting Your Company’s Wireless Network
By nature, wireless networks are not secure. While connected to the internet via WiFi, your network activity is broadcasting to everyone in your immediate vicinity. Anyone sitting nearby with malicious intent can capture your activity and review it if it’s not encrypted. On top of that, there are several techniques (like an evil twin attack) that can be used to trick victims into giving up valuable information. What can you do to protect your wireless network and yourself? You’ll need to keep security tight, stick to best practices, and stay keen.
To lock down your WiFi you’ll need to make sure you have a few things in place. First, make sure you’re enforcing the use of only WPA2 on your wireless access points as your security authentication method. WPA is considered much less secure, and WEP can literally be cracked in minutes. If you have a WPS button on your device (often found on home-grade routers/firewalls), you should disable it. There are easy attacks (like Pixie Dust) that target vulnerabilities with this convenient connecting mechanism. Additionally, make sure you’re using a sophisticated password or passphrase for your private and public WiFi networks. There are many methods used to quickly crack passwords of many types, and WiFi passwords are no exception. It’s quite easy to capture a hashed (disguised) WiFi password and cracking it could be just around the corner if you have something easy or guessable. Try not to use anything personal in your password! Last, make sure your WiFi hardware’s firmware is up-to-date! Manufacturers are constantly updating firmware to patch the latest security holes.
Also, be sure to follow general best-practices for securing WiFi networks. Segregate wireless networks from internal production networks to allow more control over the flow of information. If you require a private WiFi network to have access to your production environment/servers, consider a special additional network with a strong password that is only given to necessary employees. Keep your public WiFi network segregated with no access to your internal network to create a sort of DMZ (demilitarized zone) allowing devices like phones or tablets to only access the internet. If you want to take these measures a step further, you can implement MAC filtering or host posture analysis. MAC filtering isn’t foolproof, but it’s another line of defense to make an attacker work through. Host posture analysis can be used to verify an endpoint’s security before allowing a connection to sensitive resources.
With all of this in place, surely your network and information are safe right? Unfortunately, no. Despite all of the industry’s best security measures, the weakest link is still ourselves. You need to stay on your toes and keep a look out for anything out of the ordinary. Don’t click on suspicious looking websites or emails, and keep yourself informed of the latest threats. It comes down to being smarter than the threat and staying on top of your security. Take the time to analyze your situation and do what you can to make yourself more secure.
E Squared C is a managed service provider (MSP) providing professional IT services for businesses in Nevada and California. By partnering with E2C, your business gains a team of experts who solve IT problems with reliable, efficient, and secure IT management services. Contact us to find out how our experts can help your business!