Many people may know the steps to secure their home wireless router, but in a business environment where many users and much more sensitive information needs to be protected, should the wireless security setup still be the same? The security controls for a wireless network (WLAN) is likely to be more stringent with the scale of your corporate network infrastructure and the sensitivity of information that you need to protect.
If you think that your organisation is safe by not implementing wireless network, think again. What happens if one of your company’s employee plugs in a wireless router to the company’s network or enable the WiFi on their laptop that is connected to the company’s network? Your organisation’s data is now instantly available to the outside world, wirelessly.
Signal Strength
If you share an office building with other businesses, chances are that your organisation’s wireless network signal could leak out of your office’s compound. Anyone in your office’s vicinity could piggyback onto your organisation’s wireless network (if it is unsecured) to either gain access to Internet, or access your company’s confidential information!
Some counter-measures that could be put in place are to attenuate the signal beyond the boundary of your office’s compound, such as implementing Faraday cage, or by careful placement of antennas and tuning of signal broadcast strength. However, the hefty cost and hassle involved might not be practical for all organisations. That brings us to consider other solutions – to implement network security and policy controls.
Network Security Controls
You may guard your corporate wireless network from unauthorised access by controlling who gets to access it and ensuring that the data is transmitted securely.
Authentication
By implementing Media Access Control (MAC) address filtering,
you get to control which device may connect to your corporate network. Only devices that have their MAC addresses included in the authorised list may connect to the network. The drawback of this approach is that attackers who intend to infiltrate into your organisation’s network may spoof your organisation device’s MAC address to trick the wireless router and get into your network.
Another more secured authentication control that could be setup is 802.1x authentication. The 802.1x authentication makes use of Extensible Authentication Protocol (EAP), devices that wish to connect to suchwireless network would need to get authenticated by its authentication server through a challenge-response process before they are authorised to access the network’s resources. While this is a more secure approach, the resources, expertise and effort to set up such authentication infrastructure makes it more feasible in large enterprises.
Encryption
The next step in
securing your wireless network would be protecting the information that gets transmitted over the air. Enterprises should enable WiFi Protected Access (WPA2) encryption, which uses a more secure encryption algorithm, on their wireless router to ensure that all transmitted information is encrypted; otherwise, hackers could easily sniff the wireless traffic that is being transmitted.
However, protection of transmitted information doesn’t just stop at your wireless router. If your organisation allows the use of mobile devices such as laptops andtablets for work, and the devices are allowed to remotely connect back to your organisation’s network through WiFi, then your organisation should also implement Virtual Private Network (VPN) to secure information that are transmitted. VPN provides point-to-point encryption of information, even over an unsecured wireless network.
Segregation
If the use of wireless network is only meant for specific purposes
such as surfing the Internet, you may also consider creating various “zones” in your company’s network by setting up firewalls with appropriate port access control. Your company’s employees may be confined to surf the Internet on the least secured “zone” in your organisation’s network while the sensitive corporate information are being kept behind the firewall in a secured “zone”.
Policy Controls
While there are various network security controls that may be put in place to secure your organisation’s wireless network infrastructure, circumstances in your organisation would probably lead you to weigh and balance them against cost, effort and feasibility. In areas where security controls can’t be implemented, we suggest that you safeguard the gaps by implementing policy controls.
For example, if you are unable to implement 802.1x authentication in your organisation, a policy that disallows staff or visitors to bring their personal devices or wireless router to the office could be implemented. If you are unable to disable the use of WiFi on the corporate mobile devices or implement VPN in your organisation, you could also consider disallowing staff to connect to wireless network outside of the organisation.
Administration
Lastly, with all the security controls and policies in place, due diligence is also required to ensure that all the controls that are put in place are in good state.
To ensure that there are no unauthorised wireless connections in your network, you could perform regular review of your company wireless network access log. Scanning your environment regularly would also help to detect any rogue access points in your company’s vicinity or any attempts by your company computing devices to connect to unauthorised networks.
With the appropriate measures in place, wireless network in the workplace will definitely bring you heaps of convenience.