Since the increase of mobile devices, enterprise networks have become more susceptible to wireless risks, including neighboring WiFi networks, hot spots, and mobile WiFi. It is important to address all the possible risks that are associated with implementing a wireless network.
By nature, wireless networks are often left vulnerable to security threats. There are many different types of threats that can affect a network when it has not been properly secured, including rogue and misconfigured access points, banned devices, and rogue clients. The following are recommendations for how to properly secure a network from various wireless threats:
- Separate internal users from guest users using logical or physically separate networks.
- Implement WPA2 (WiFi Protected Access 2) as the security protocol for encryption and authentication.
- Physically secure APs to the walls and ceilings to prevent theft and tampering.
- Install a wireless intrusion detection system (WIDS) on all networks, even ones that do not offer wireless access, as they help to monitor the network.
- Monitor the communication between networks with different trust levels.
- Utilize personal identification verification cards and certification authentication for user authentication.
- Allow for network users to be able to seamlessly roam between APs without service disruption.
- Comply with various IT standards and regulations, such as:
- Federal Information Processing Standards (FIPS) 140-2 and National Institute of Standards and Technology (NIST) 800-53, to ensure maximum network security.
- Payment Card Industry Data Security Standard (PCI DSS) is a worldwide information security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI DSS v3.2 standard describes clear requirements for building compliant wireless LANs.
- HIPAA (the Health Insurance Portability and Accountability Act of 1996) calls for the establishment of national standards for technology involved in health care transactions in order to protect the health information of individuals. HIPAA applies to any healthcare facility that exchanges patient health information. HIPAA’s objective is to ensure that health information remains private and secure.
- Sarbanes-Oxley Act of 2002 (SOX) addresses financial reporting and corporate governance in publicly held companies. Securing wireless networks are of particular concern to SOX compliance because they can be leaky and breached unless adequate defenses are in place.
The most highly recommended action to reduce vulnerabilities is to implement encryption and authentication such as WPA2 to secure communication and prevent unauthorized access.
For enterprise networks, it is also recommended that a wireless intrusion detection system (WIDS) or wireless intrusion prevention system (WIPS) be implemented. Since they are constantly monitoring and managing the network, these systems have the ability to detect and disconnect unauthorized devices. WIDS/WIPS also provide immediate automated alerts and can be configured to prevent users from connecting to unauthorized access points. Some recommended features of WIDS/WIPS are as follows:
- Rogue client detection capability, rogue wireless access point detection capability, rogue detection process capability.
- Ability to detect and classify mobile WiFi devices such as cell phones, tables, etc.
- Ability to enforce a “no WiFi” policy.
- Provide secure communications between each sensor and server to prevent tampering.
- Have automated and customizable reporting.
- Have different levels of permissions so that specific privileges can be delegated to other administrators.
In order to finish designing a secure network, a site survey is conducted to gather data on any sources of interference and RF coverage barriers. The survey is also used to finalize plans for the installation layout of APs and WIDS/WIPS sensors. Performing the site survey is the best way to improve a network’s proposed deployment and security plan. By finding and identifying external or internal interference sources, network providers are better equipped to design and install a secure network by applying variations of the above recommendations.
When it comes to security, wireless networks are faced with numerous obstacles that can stand in the way. It takes time, energy, and resources to fully design and install a secure network. Installing monitoring systems that can detect security threats is one of the best ways to securely implement access to wireless networks. It is important to always stay alert and aware of what is happening on your wireless network and to mitigate threats as quickly as possible.