How to secure a basic wifi network
NAP or NAC should be implemented
In addition to using 802.11i and WIPS, you should consider implementing a Network Access Protection (NAP) or Network Access Control (NAC) solution. They will provide additional network access management, based on device identification with pre-set policies. They also include a function for isolating problem devices and fixing them so they can quickly get back to work.
Some possible NAC solutions include network intrusion detection and prevention, but you will have to check if it provides specialized wireless protection.
If you are running Windows Server 2008 or later and Windows Vista / 7 for the device, you can use Microsoft's NAP function. If not, look for third-party solutions, such as PacketFence.
Many highly rated products: Best router for multiple devices
Don't trust MAC address filtering
Another rumor about wireless security is that enabling MAC address filtering provides an extra layer of security and management of applications connected to the network. This is a little bit accurate, but keep in mind that hackers can easily spy on your network for a legitimate MAC address, which will then change the Mac address for their machine.
Wi-Fi security from basic steps
Therefore, you should not implement MAC address filtering in the sense that they will help your security, but can be a way of managing devices, end-user computers to the company and your company. connected to the network. You should also pay attention to possible management issues to keep your MAC list up to date.
You should limit which SSID users can connect
Many network administrators overlook a seemingly simple but dangerous risk: users are aware or unaware of a connection to a neighbor's wireless network or access point. ambiguity, opening up opportunities to hack into the machine. However, filtering the SSIDs is one way to potentially prevent this. For example, in Windows Vista (or higher versions) you can use the netsh wlan command to add a filter to the SSID users who want to view and connect. For desktop computers, you can deny all SSIDs except the corporate network. With laptops, the IT staff only has the ability to deny the SSID of the neighbor network, allowing them to stay connected to the hotspot or home network.
Don't forget to protect your mobile devices
Concerns about wireless network security don't stop here. Users who own smartphones, laptops and tablets can be protected on the spot. However, what about when they connect to free Wi-Fi hotspots or to a home wireless router? You should make sure that other Wi-Fi network connections are also secure to prevent intruders or hackers from eavesdropping.
Wi-Fi security from basic steps
However, it's not easy to ensure external Wi-Fi connections are always secure. You will have to combine providing and requesting the use of solutions and communicating to users about security risks with methods of prevention.
First of all, all laptop and netbook models will have to have a personal firewall enabled (such as Windows Firewall) to prevent unauthorized intrusions. You can do this through Group Policy (if you're running Windows Server) or use a solution, such as Windows Intune, to manage computers that are not in the domain.
Next, you will have to ensure that the user's Internet traffic is encrypted while they are on another network by providing VPN access to the corporate network. If you do not want to use a VPN in this case, you can consider other services like Hotspot Shield or Witopia. For iOS (iPhone, iPad, iPod Touch) and Android devices, you can use their VPN app. However, for BlackBerry and Windows Phone 7 devices, you will need to set up and configure a messaging server with this device in order to use their VPN.
Besides, you should also make sure that all network related services are secure, in case the user is not using a VPN while accessing from a public network or an untrusted network. For example, if you provide email access (either over the app or on the web) outside of your LAN, WAN, or VPN, make sure you use SSL encryption to prevent hackers from eavesdropping and snooping. important logins or personal messages.