Wi-Fi Security – Under the Guise of Safety

By Emanuel Mandat, Sr.System NGneer®

May 17, 2017

Activity Based and Agile Working – Wi-Fi Security for all Devices, All the Time

If you have a guest at home, you normally wouldn’t give a second thought to Wi-Fi Security when handing over your Wi-Fi key. However, for a business, how you give guests and employees access to your wireless network needs more consideration to maintain Wi-Fi security.

The majority of office based workers will use wired connections whilst working at their desk, but as businesses move to activity based and agile working, the company Wi-Fi network has become ubiquitous. Laptops, BYOD tables and netbooks and employee mobile phones will all be connected to company Wi-Fi, and employees will expect the network to reach to wherever they need to work.

Guests at a company office frequently ask for Wi-Fi access to check their email, fetch information from their office via a VPN, or simply to update their Facebook status with their location!

Wi-Fi Security for guests and staff:

Wi-Fi security is a real challenge for many clients. Many will already have two networks in place – a secured internal network for employees, and a restricted guest network that provides only Internet access. But is that safe enough?

The first generation of Wi-Fi networks were secured with a single network password. Anyone wanting to join the network would select the network name from the list of available networks, and then enter a single, shared password. This gives rise to a couple of questions:

• What happens if someone leaves the company? Will you be changing your network password, and requesting the remaining employees to reconnect and update it every time someone leaves?
• What is someone uses the password to connect non-company equipment to the secure internal network, for example connecting their personal laptop which then introduces a virus into the system?
• With Wi-Fi extending past the physical boundary of your office, how do you stop people who aren’t even in your office from using your network?

Wi-Fi Security and the Internal Network:

So let’s start with the best way to secure your internal network. This is where a good wireless controller is useful. The first step is to get rid of the shared password, instead having each user authenticate with their own username and password. This lets you control who has access, and when. It lets you set time ranges when users can connect and what they can connect to. It also allows you to revoke the credentials (the username and password) of someone you no longer want to have access without disrupting everyone else’s access.

The next step is to add device authentication. By using security certificates or other mechanisms, you can ensure that only authorised devices can connect to the network, blocking unknown devices even if a valid username and password is supplied. This can be extended further, blocking devices that don’t have up-to-date security or anti-virus.

A secure internal network is only the first step and is only as good as the password policy that you have in place, and which should be followed by everyone to maintain safety and integrity of the company.

Wi-Fi Security Recommendations for guests:

For guests, we recommend setting up a single wireless network that has no access to the internal system, and only grants internet access. As this is the network that will have a constantly changing set of people using it, it’s important that access can be granted for a limited period of time, and that access cannot be regained after the guest has left without re-authorisation.

A typical guest network has no network password (which could be easily remembered or shared) and instead operates as an open network with no password needed to connect. However, as soon as a device connects, it cannot access the Internet, and is instead re-directed to a portal page – a website where the guest needs to enter more information before they can continue.

The information needed varies, but typically is a passcode or voucher code that has a short life span, perhaps two or four hours, after which it becomes useless. This allows you to hand out network access codes secure in the knowledge they can’t be reused in the future. You can also identify the guests connecting and track what they do on your network, apply limits to how much of the network they can use, limit the speed of the network, or anything else appropriate.

Secure Password Policy:

Once you’ve implemented secure Wi-Fi access, remember there’s more to do to secure your company, documents and financial information from hackers, fraud and theft. We work with clients to determine what is appropriate but this includes a secure password policy that includes:

• Enforcing password history – determines how frequently old passwords can be reused.
• Maximum password age – determines how long a user can keep a password before having to change it.
• Minimum password age – prevents users from changing a password and then immediately changing it back to an old one.
• Minimum password length – enforce the use of secure passwords such as:
  o Passwords must be of minimum 8 characters
  o Must include lowercase or uppercase letters, numbers and symbols
  o Cannot contain user’s name or parts of name, etc.

Conclusion:

Security is an extremely important part of our IT strategy, second only to back-ups being secure and available. As NGneers®, we often begin work at new clients to find very little protection or security protocols in place. This leaves data vulnerable to hacking and even being held to ransom! Hackers are more sophisticated than ever: being several steps ahead with tough wi-fi security protocols will ensure your firm runs smoothly and safely.