While most people use firewalls and basic safety measures to protect unauthorized use, making sure to provide layers of security for your small business Wi-Fi is the best option. Securing your wireless network is all about layers. Flipping on encryption helps to block people from connecting to Wi-Fi and also blurs the network traffic that passes through the air. However, this does not help if someone can come into the building and plug in. Also, if the encryption key is cracked, you're toast. Although encryption is the most important layer of security for wireless networks, you should use more. The techniques the more you consume, the more secure your network and its data will. The following tips describe many techniques and methods to secure your small business Wi-Fi network.
Use WPA - preferably WPA2
The encryption method Wired Equivalent Privacy (WEP) has been long discredited, and insufficient supply Wi-Fi security. The WEP encryption key can be cracked, in some cases within minutes. You must use the Wi-Fi Protected Access (WPA or WPA2) encryption method.
The first version of WPA, which uses the Temporal Key Integrity Protocol (TKIP) algorithm, also became vulnerable recently. However, weaknesses WPA are not as bad as WEP (yet) and use strong passphrases can help. However, if the computers and network equipment WPA2 support with the Advanced Encryption Standard (AES), use it.
Use the Enterprise version of WPA/WPA2
To prevent employees from seeing the encryption keys or passphrases and have loaded on their computers, you must use the Enterprise version of WPA or WPA2 instead of the Pre Shared Key (PSK) or personal version. Otherwise, when an employee leaves the company, he or she continues to be the key to unlock the network. In addition, their laptops can be stolen and a thief could be the key. Of course, you can change the encryption settings, but it is a headache. WPA/WPA2-Enterprise hides the real encryption key is never loaded on computers. After everything is configured, users connect to the network with a username and password can be changed or revoked.
WPA/WPA2-Enterprise requires a RADIUS server that manages user accounts. There are RADIUS servers targeted to small businesses such as Elektron and CLEARBOX, which cost $ 600 to $ 700. To save money, you can opt for a service that hosts the server to identify you as WiTopia, which runs for $ 99 per year. Another option is to buy an access point with a single integrated RADIUS server such as NWA-3160 ZyXEL, which sells for as little as $ 140 online.
Secure Ethernet Ports
Although you can use the latest and greatest encryption Wi-Fi in the world is useless if someone connects to a port inside the building and can access the network. In addition, employees can even plug in their own AP to a port, intentionally or not, providing wireless access open. To reduce the chances of this happening, make sure that all routers, APS, and network devices are hidden and secure. You can use closets, high places of assembly, or the space above false ceilings.
For security cable, you can use 802.1X authentication, if you have business class gear that supports it. Use MAC address filtering on the network also helps to prevent users from accessing the network. However, none of these methods will hide the traffic from eavesdroppers on the network cable.
Use additional encryption (VPN)
To encrypt the part of the wired network and to double Wi-Fi encryption, you can use VPN. You could buy a standalone VPN server, installing the server software on a computer, or purchase a hosted service. Each computer on the network can be configured to connect to the VPN server. Even a user traffic on the side of the cable network will be encrypted and double encrypted on the airwaves.
As computers may share files or sensitive data on them, you must prevent them from connecting to other networks. Check to make sure Windows is not set to Auto connect to available networks. In Vista, you can even use the WLAN to the commands Netsh utility to block all networks but yours. This would prevent employees mistakenly or intentionally connect to neighboring networks.
Separate traffic with VLANs
Dividing your network into separate virtual networks (VLANs) provide internal security. You can better control the resources and staff of network traffic can access and receive. Thus, a regular employee can not open shared files on computers in personnel management. In addition, if an employee does not monitor network traffic first, he or she will only see traffic on their own virtual network. VLANs can also provide external security, unauthenticated users can be assigned to a separate VLAN. Moreover, if someone makes unauthorized access, he or she has access to only part of a network.
Secure shared folders and NAS devices
To control the exact files and resources employees can access, verify the permissions of folder sharing permissions and NTFS files and folders. In addition, configure the sharing settings for all network drives or NAS (Network Attached Storage). In addition, the configuration of these settings can prevent access to files from unauthorized users.
Check Firewalls
To protect the network from Internet attacks or intrusions and local, you should always have a firewall running on the computers and the network router. The ports should be opened if necessary. For added security, you can set the IP address field that can use the ports.Use MAC address filtering Although Wi-Fi hackers can easily spoof MAC addresses of their network adapters, using the MAC address filtering provides another layer of security. It just takes extra time to enter the MAC addresses of your computers or devices.
Disable SSID broadcasting
While not broadcasting your network name throws only Wi-Fi hackers off for a while, it adds another layer of security. The SSID can still be found in a short period of time with the basic tools. In addition, hiding the SSID can cause a real headache for you, it can cause connectivity problems.
Keep updated hardware
Securing your network and computers requires some maintenance. You should periodically check the latest firmware for the router, access points and other network components. You must also keep track of network cards that are loaded into the computers and update them with new drivers if and when they become available. In addition, make sure that the operating systems on all machines are kept updated with security patches and fixes. Any help keep maintained to ensure the known vulnerabilities are addressed and all new security features are supported.
Keep your Wi-Fi signals Contained
If you could completely block the radio signals incoming and outgoing on the outside walls of your building, you would not have to worry about Wi-Fi eavesdroppers or attackers in the parking lot. Although it is not practical, you can try to reduce signal leakage. Between access points in the transfer and the low speed power levels, you can keep some signals contained in your controlled area.
By Samuel Cole
Posts
No comments:
Post a Comment