Here are a few pointers for implementing or upgrading the security on your wireless network. Most of these protections can be implemented directly from the management interface of business class wireless access points (AP). You don’t need to do everything here, although each task will may your network safer.
- Encrypt your traffic. Every access point has the ability to run WPA or WPA2 (WiFi Protected Access). This encryption is easy to set up and is the biggest step you can take towards securing your network. Typically you’ll use WPA2-PSK for a pre-shared key and then type that key into every workstation as a password onto the network.
- Don’t broadcast your SSID. This network identifier advertises your WLAN to users – both authorized and unauthorized. Authorized users could get the info from you. Leave unauthorized users in the dark.
- Filter MAC address. This can be easily subverted, but it may slow someone down. Configure your AP so that only specific MAC addresses can connect. You’ll need the MAC address of each workstation that does connect.
- Treat an open network as an unsafe place. If you must run an open wireless network, to provide access for guests, for example, then run it off of a separate AP and firewall it from your corporate network.
- Change the default SSID, administrator account, and password. There are too many APs already out there with the SSID of “Linksys” and the management password being “admin:admin.” There are common lists and knowing this info facilitates hacking. Change the defaults immediately.
- Don’t use an SSID that makes sense to other people. For example, using your company name or address provides a little too much information to people scanning the area. Consider abbreviations, so Nisonto Corporation might use “NC-001” rather than “Nisonto” or “742 Evergreen Terrace).
- Check your antennae. You can upsize or downsize antennae if you have an AP that offers replaceable antennae, which most business class ones do. Of course, you can upsize to get a stronger signal or get a directional antenna to focus radio waves. But have you thought about getting a smaller antenna? The shorter the reach of your wireless network the small your attack footprint is.
- Consider AP placement. Broadcast signals through your office but not into the parking lot.
This is a pretty good start for implementing wireless security in a small business environment. There are more complex methods and equipment, but you probably don’t need that to get started.