Managing Wireless Network Security
Why Is Network Security Important?
Keeping your network secure is vitally important. Your network is the lifeblood of your company and it is responsible for the flow of data between your users, departments, branches and customers. If you do not have a secure network, you do not have a secure company and you are at risk.
It is important to note that almost all companies have some kind of wireless network running within their organization presently, and the adoption and use of wireless networks is a trend that continues to grow globally. It therefore makes sense for your IT strategy to include Wi-Fi as an essential part of your IT policy documentation. This policy document will help to ensure that your users are aware of any possible security risks that exist, and how to keep themselves and your network secure.
The question of how to keep your wireless network safe is important, and we will take a look at some methods that will help to keep security awareness in your environment at high levels at all times.
To learn more about IT security, visit securityiq.infosecinstitute.com and find out about how you can improve your technical knowledge to help you with managing network security.
How Can You Keep a Wireless Network Safe?
There are many ways that your wireless network can be compromised if it is not configured properly, so we will look at some common threats and then some methods of minimizing or preventing any such occurrences from happening within your wireless environment. Understanding how your wireless network fits into the rest of your network is a key to understanding how much risk it presents to your infrastructure.
Security Threats to Wireless Networks
Unauthorized access is a massive security risk on any network, and a wireless environment that is not locked down offers a potential point of entry for anyone with malicious intent. Threats to watch for include:
- Undocumented Wireless LANs—Sometimes a user or third-party contractor may install an unsecured wireless device and then connect it to a wired point on your network. Their intentions may not be malicious but, by installing such a device on your network, they have created a free pass for any curious parties who wish to connect to it. It is always a good idea to do a walk-around every so often with a Wi-Fi sniffer application on a laptop or smartphone so that you can identify any wireless networks that might be running without your knowledge.
- Masquerading and IP Spoofing—Once an intruder has gained access to your network, they may be able to imitate your internal communications, leading your customers and users to believe that the communications that are sent out by this source are legitimate. The potential for the theft of information and the acquisition of sensitive data is huge, so regular network scans and a careful review of your traffic should be a part of your daily, weekly and monthly system checks.
- Bandwidth Leeching—This is perhaps one of the most common problems that companies face without realizing it. If there is no session-based provisioning of internet access for wireless clients and the wireless password never changes, there is the potential for abuse. Wireless clients that gain access can return to your site and reconnect at any time and, if you do not have content filtering or resource management tools to deal with such connections, you may find that your network is unwittingly providing internet access to unauthorized parties. Simple measures such as MAC filtering and bandwidth allocation can be implemented quite easily, and this can prevent such connections to your network from becoming a problem.
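The walk-around survey suggested in the first item only pays off if the results are compared against a record of sanctioned hardware. The following is an added example, not part of the original article: it checks a sniffer export against an access point inventory. The BSSIDs, SSIDs, scan records and the signal-strength threshold are all constructed for illustration.

```python
# Constructed inventory of sanctioned access points: BSSID -> (SSID, channel).
AUTHORIZED_APS = {
    "02:00:5e:10:00:01": ("CorpNet", 1),
    "02:00:5e:10:00:02": ("CorpNet", 6),
    "02:00:5e:10:00:03": ("CorpGuest", 11),
}

# Constructed survey results, shaped like the rows a Wi-Fi sniffer export provides.
SAMPLE_SCAN = [
    {"bssid": "02:00:5E:10:00:01", "ssid": "CorpNet", "channel": 1, "rssi": -48},
    {"bssid": "02:00:5e:10:00:03", "ssid": "CorpGuest", "channel": 11, "rssi": -60},
    {"bssid": "02:00:5e:99:00:aa", "ssid": "CorpNet", "channel": 6, "rssi": -52},
    {"bssid": "02:00:5e:77:00:bb", "ssid": "linksys", "channel": 3, "rssi": -41},
    {"bssid": "02:00:5e:55:00:cc", "ssid": "CoffeeShop", "channel": 9, "rssi": -88},
    {"bssid": "02:00:5e:10:00:02", "ssid": "CorpNet", "channel": 11, "rssi": -55},
]

# Assumption: a signal stronger than this is probably coming from inside the building.
ON_SITE_RSSI = -70


def classify(scan, authorized=AUTHORIZED_APS, on_site_rssi=ON_SITE_RSSI):
    """Return (bssid, ssid, finding) tuples for scan entries that need follow-up."""
    company_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for ap in scan:
        bssid = ap["bssid"].lower()  # sniffers differ in MAC address case
        known = authorized.get(bssid)
        if known is None:
            if ap["ssid"] in company_ssids:
                findings.append((bssid, ap["ssid"], "unknown radio advertising a company SSID"))
            elif ap["rssi"] >= on_site_rssi:
                findings.append((bssid, ap["ssid"], "undocumented AP with on-site signal strength"))
            # Weak, unknown networks are treated as neighbours and ignored.
        elif (ap["ssid"], ap["channel"]) != known:
            findings.append((bssid, ap["ssid"], "known BSSID, unexpected SSID or channel"))
    return findings


if __name__ == "__main__":
    for finding in classify(SAMPLE_SCAN):
        print(*finding, sep=" | ")
```

A BSSID match alone does not prove a device is sanctioned, so each finding is a prompt to locate the hardware and trace the switch port it is plugged into.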
What Can Be Done to Bolster Your Wireless Defenses?
There are several different levels of protection that can be implemented on a wireless network to help minimize the risk of security breaches. These include:
- VLAN isolation
- Centralized WLAN management tools
- Session access for guests
A firewall can serve many overlapping functions on a network and is therefore a crucial tool to have at your disposal. Firewalls allow for the restriction and filtering of online content, access restriction via IP and MAC addresses of specific devices and clients, access restriction via data usage monitoring, and much more. This allows for efficient management of internet and resource usage on your network coming from the wireless segment.
VLAN Isolation of SSIDs
Most modern wireless products allow for different IP address ranges to be assigned to different paths on a network, based on the SSID of the wireless network, in conjunction with managed switches. This means that wireless clients that connect to a network can be isolated on a different IP address range if necessary. For instance, guests may need access to the internet but no internal network resources such as file shares or printers, while employees would need all of this access. The former would connect to a guest SSID and the latter would connect to the company SSID. This type of VLAN separation of SSIDs is a highly effective method of restricting unauthorized access to company resources.
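Placing guests on their own VLAN and IP range only isolates them if the rules between the VLANs actually block guest traffic to internal ranges. The following is an added example, not part of the original article: it evaluates a first-match access list the way an inter-VLAN router would and reports any internal subnet the guest range can still reach. The SSID names, VLAN IDs, subnets and both rule sets are constructed, and matching is done on whole subnets as a simplification.

```python
import ipaddress

# Constructed SSID -> VLAN -> subnet plan.
SSID_PLAN = {
    "CorpNet": {"vlan": 10, "subnet": "10.10.0.0/24"},
    "CorpGuest": {"vlan": 20, "subnet": "192.168.20.0/24"},
}
# Constructed internal ranges: staff clients, and file and print servers.
INTERNAL = ["10.10.0.0/24", "10.30.0.0/24"]

# Weak: the "internet access" rule for guests also matches internal ranges.
ACL_WEAK = [
    ("permit", "192.168.20.0/24", "0.0.0.0/0"),
]
# Corrected: internal space is denied to guests before the general permit.
ACL_FIXED = [
    ("deny", "192.168.20.0/24", "10.0.0.0/8"),
    ("permit", "192.168.20.0/24", "0.0.0.0/0"),
    ("permit", "10.10.0.0/24", "0.0.0.0/0"),
]


def decide(acl, src_net, dst_net):
    """Return the action of the first rule covering src and dst (implicit deny)."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_network(dst_net)
    for action, rule_src, rule_dst in acl:
        if src.subnet_of(ipaddress.ip_network(rule_src)) and dst.subnet_of(
            ipaddress.ip_network(rule_dst)
        ):
            return action
    return "deny"


def guest_leaks(acl, plan=SSID_PLAN, guest_ssid="CorpGuest", internal=INTERNAL):
    """List the internal subnets that the guest SSID's range is permitted to reach."""
    guest = plan[guest_ssid]["subnet"]
    return [net for net in internal if decide(acl, guest, net) == "permit"]


if __name__ == "__main__":
    print("weak ACL leaks: ", guest_leaks(ACL_WEAK))
    print("fixed ACL leaks:", guest_leaks(ACL_FIXED))
```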
Centralized WLAN Management Tools
While it is not always possible for companies to use one specific brand of hardware throughout their organization, it is normally recommended that the wireless access points are all from the same manufacturer so that they can be managed effectively from one proprietary software application. This allows network administrators to monitor their wireless clients, signal strength, and a wealth of additional information at a glance. It takes the guesswork out of real-time monitoring and is an indispensable tool for a system administrator.
Session Access for Guests
To ensure complete control over your wireless network, you may wish to assign dynamic Wi-Fi access to your guests. This can come in the form of an access key that changes daily, or a quota system that limits a device by time or data usage. This model is especially useful in a business where access to the Wi-Fi resource is billable, such as an airport or university.
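Both guest models described above, a key that changes daily and a quota by time or data usage, can be sketched in a few lines. The following is an added example, not part of the original article and not any vendor's implementation: the portal secret, the ten-character key length and the four-hour and 500 MB limits are assumptions chosen for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Placeholder secret, constructed for this example; keep the real one in a secret store.
PORTAL_SECRET = b"constructed-demo-secret"


def daily_key(secret: bytes, day: date, length: int = 10) -> str:
    """Derive the guest access key for one calendar day from the portal secret."""
    mac = hmac.new(secret, day.isoformat().encode(), hashlib.sha256)
    return mac.hexdigest()[:length]


@dataclass
class GuestSession:
    device: str
    started: datetime
    max_duration: timedelta = timedelta(hours=4)  # assumed time quota
    max_bytes: int = 500 * 1024 * 1024            # assumed data quota
    used_bytes: int = 0

    def status(self, now: datetime) -> str:
        """Report whether the session is still within its time and data limits."""
        if now - self.started >= self.max_duration:
            return "expired: time limit"
        if self.used_bytes >= self.max_bytes:
            return "expired: data quota"
        return "active"


def admit(presented_key: str, device: str, now: datetime, secret: bytes = PORTAL_SECRET):
    """Open a session only if the presented key is today's key; otherwise return None."""
    expected = daily_key(secret, now.date())
    # Constant-time comparison avoids leaking how much of the key matched.
    if not hmac.compare_digest(presented_key.encode(), expected.encode()):
        return None
    return GuestSession(device=device, started=now)
```

Because the key is derived from the date, a key handed out yesterday stops admitting new sessions at midnight without anyone having to change it by hand.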
Evaluating Your Wireless Network Security
The first step in securing a wireless network is finding out what security measures are in place already and then taking a look at what measures need to be put in place to lock it down entirely. An audit of your wireless hardware is a good place to start, establishing the make, model, and number of wireless access points. This will help you to map out your network coverage and find out what areas are broadcasting your wireless signal within your building, warehouse, or offices.
The next thing to do is make sure that you have an IT policy in place that regulates your Wi-Fi usage. The policy should cover things such as:
- Assets, perceived risks and policy objectives. This helps identify what needs to be safeguarded on your network and why.
- Best practice and security measures. This allows you to explain the rationale behind your security strategy, as well as the best ways to implement it.
- Acceptable usage and enforcement. Here, you will set out what is considered to be fair usage of the wireless network, and what constitutes a breach. There need to be clear consequences for violating your policy, so make sure that your wording reflects this.
Once you have crafted the document, you need to ensure that all members of staff endorse the contents contained within and that it becomes part of the company’s induction documentation for new employees so that they are aware from day one.
Protecting Your Network Against Threats
The best defense against the threats that we have outlined so far is user education and awareness. By empowering your users, you enable them to make smarter decisions when it comes to using your network’s resources.
As with most educational processes, there is a continual need for you to drive the process through refresher training, company-wide awareness campaigns, and reminders in the form of emails, notices, and announcements. It is through perpetual driving of security awareness that you will protect your network and users by helping them to protect themselves.
The IT policy document should serve as the guiding principle for all security-related issues with the IT department and should be referenced often when communicating with users. Network education and safety within your organization is a key to developing a healthy culture of security awareness, and will benefit your company in the long term.
Network Security Awareness Tips and Resources
Network security requires a multidisciplinary approach, with many techniques, concepts and technologies that need to be mastered in order for you to succeed. We offer a resource library to help keep you in the know about all things related to security in information technology, and to help you on your journey to becoming a network security professional.
We offer a wide range of network security-related courses for IT professionals. If you have any queries, please feel free to contact us here and we will be happy to assist you further.