I was at a client’s office today doing some network reconfiguration and I noticed that their wireless access point was wide open. I suggested that they let me lock it down and they said no. Apparently, the perception is that the ability to get on the network easily is more important that implementing security. The irony is that it’s this freedom that makes it so easy to hack.
In order to understand the issue, you have to understand the risks. Then assign a value to those risks – if this happened, then what would it cost you both in terms of repairs and lost information or resources? Then prioritize based on likelihood of occurrence and cost. That’s pretty much it.
So what can happen? Someone could hop on your network to steal bandwidth? Do you want to share the bandwidth that you’re paying for? If your employees work slower, then what is that costing you? If a hacker uses your network to attack someone else, then chances are it will get tracked back to your network and not to his computer. This may make you responsible for the attack.
If someone gets onto your WLAN, then they might as well attack some workstations and servers while they’re at it. They could steal data. If you don’t think that the data is worth anything, then what if they crash a workstation or two? How much are you going to pay your employees even if they can’t work? What if someone has their daily call sheet on their PC, a hacker takes it down intentionally or unintentionally, and now they can’t make their sales calls? If they lose those sales, then you can assign a dollar value to the downtime.
Now that you understand the value of wireless security, come back tomorrow and I’ll tell you how to implement it.