Steps to secure your wireless network
A few simple steps have to be taken to secure your WiFi network:
Create unique WiFi passwords for your routers. Creating unordinary passwords will prevent unauthorized users from getting access to a router and help keep the WiFi security settings that you set up.
Assets to protect
In order to secure your WiFi network at home, every piece of your data has to be protected. And as for business network, it is important to decide which assets need protection and what will be the impact of theft, damage or loss of data. Upon deciding on the assets, enumerate threats and risks. After this basic work has been done, begin considering WLAN building alternatives.
Think through how new WLAN segments are going to be integrated and how you will use the already existing components of your wired network. The topology, placement of devices and the security measures you take have the direct impact on wireless LAN security.
Apply restrictions to the AP placement in your network. All wireless APs should be untrusted and always placed outside the firewall or within a DMZ.
Integrate WiFi networks and wireless devices with already existing management structure. Decide whether APs, stations and WLAN programs need an inventory, additional configuration and monitoring.
Wi-Fi Protected Access (WPA) is a security protocol that addresses weaknesses found in the preceding system WEP with both types of products being able to interoperate. This protocol incorporates the stable parts of the 802.11i security standard that is a work in progress.
WPA defines TKIP stopgap protocol that mixes a base key with transmitter's MAC address to create a new key. Then an initialization vector is mixed with the derived key to generate per-packet keys. This enhances security from what WEP had to offer. Additionally WPA does a Message Integrity Check (MIC) to prevent data forgery.
WPA with 802.1X has to be used by enterprises for key delivery and refresh. Those that use WEP should upgrade to WPA as soon as it is available for the firmware. The final 802.11i standard will add AES for more robust security but that is rather a forklift than a firmware upgrade.
If your business is already using a VPN access, think of using it for WLAN security. It makes the most sense when WAN and LAN security policies are consistent with the same encryption algorithms and credentials.
Wireless LANs however have their own set of VPN issues:
- With a high-speed wireless LAN there is more data to encrypt. In order to provide support for wireless encryption one may need additional gateways, specifically when using 802.11a/g at link speeds up to 54 Mbps.
- Tunnels are tied to IP addresses. With APs changing IP addresses broken tunnels are reestablished but the disruption is often noticeable. In smaller wireless networks several access points may be sharing the same DHCP scope, while in larger wireless networks when stations roam the tunnel persistence can be provided by wireless gateways.
- Deploying a client can be expensive and difficult to implement. Reusing already deployed clients is different from adding new ones with new policies.
Control the Wireless Signal Range
When working in a smaller office you don't need a high range of your router to be active. You can either change the mode for your WiFi router to 802.11g (instead of 802.11n or 802.11b) or start using a different Wi-Fi channel.