WiFi security: How to secure your corporate WiFi network.
Properly configuring your wireless network is one of the most crucial tasks to maintain security of your corporate network.
Wireless networks are all around us with so many different variations some are properly configured and some are not. With today’s growing need for wireless technology proper guidance is needed when setting up these interfaces. Let’s talk about the different types of wireless networks; we have WEP, WPA, WPA2, soon to be WPA3 and so many other typing in existence. So now you're probably wondering which one is best for me? Now the answer will boil down to what applications you're using but we are going to answer all of your questions and break this all down to 5 easy rules on how to set up the perfect WiFi network for your home, business or corporation.
1) What is WEP, WPA or WPA2 and which is best?
First let's talk about the different types of wireless networks. WEP which stands for Wired Equivalent Privacy is one of the first and older wireless network configurations. It was first recognized as part of 802.11 standard approved in 1997, its purpose was to provide data confidentiality just like that of a regular wired network. WPA means WiFi Protected Access, it prevents unauthorized users and encrypts your data to prevent other users from accessing it. WPA2 which basically means WiFi Protected Access II the deference is that it has Advanced Encryption Standard (AES) prior to TKIP. AES is used for top-secret government information and great for personal devices or company WiFi security.This is the ultimate question that many of us have. What type of wireless network should we use? WPA2 is the best and most secure type of WiFi configuration you can use and build your network on. Customizing your WiFi networking using 802.1x and implementing the use of authentication certificates allows only authorized users to data sensitive networks. WP2 Enterprise with TLS is highly recommended for corporate networks.
2) Always separate public and private networks.
Never should guest networks be used for private, work or sensitive data. In some cases guest networks may have the lowest security setting or sometimes are open networks. This means they are the least safe networks to use for important data. Always set up a guest for visitors, contractors and personal devices that are not used for work. Keep work devices on the private corporate with high security measures. Use WPS2, TLS and MDM enrollment for maximum security on your corporate network. Also, one amazing tip that we highly recommend would be to implement subnetting. Creating subnets for internal WiFi and guest WiFi will reduce congestion, organize your network and allow you to track and prevent unwanted network activity.
3) Always lock your routers or keep them in a safe place.
Keeping your network devices in a server cabinet or safe place away from guests and untrusted areas of your business is essential. Someone can easily access your private network if they can gain physical access to the hardware and if the device is not locked. Having your router in the safest place possible will reduce the risk of having your router hijacked.
4) Always change the default settings of your router.
Changing the default setting of your router and switch information, such as passwords, usernames and so on, will reduce the risk of being hijacked by other users who are well aware of the factory default settings of your devices. It is highly recommended to always change the default SSID or network name of your wireless device prior to deployment. Most routers have a default username and password that is widely known to most IT techs and hackers. Changing this information will prevent access to your network and allow you to have a unique network that is harder to crack.
5) Enable firewalls on all occasions.
The use of firewalls can protect your network and the devices that are connected against potential intruders, hackers and any malicious activity. You may also enable firewalls on your devices as well. Most routers have built in firewalls that you can enable to check packets.