Secure Wi-Fi network in small businesses

Secure Wi-Fi network in small businesses Picture 1 Network administration - The security of a wireless network must come from many angles. Encryption can help prevent unauthorized users from connecting to the Wi-Fi network, but this method is still really ineffective if this unauthorized user breaks into your corporate building. In addition, the encryption key may be cracked, so your security system will not. However, no matter how you say it, encryption is still the most important security layer for wireless networks, so you need to use other measures to add more layers of security.

The tips in this article describe some techniques and methods to protect Wi-Fi networks in small businesses.

Use WPA encryption - preferably WPA2

The Wired Equivalent Privacy (WEP) encryption method has been used for a long time and gradually shows some limitations in Wi-Fi security. In some cases these encryption method keys can be easily and quickly broken. Therefore, you should use the advanced Wi-Fi Protected Access encryption method (WPA or WPA2).

The first WPA version, which uses the Temporal Key Integrity Protocol (TKIP), has also been heavily attacked recently. However, WPA weaknesses are not as bad as WEP and using strong passwords can help. However, if the computers and network devices in your enterprise support WPA2 with the Advanced Encryption Standard (AES) algorithm, use this new technology.

Use the Enterprise version of WPA / WPA2

To prevent employees from seeing encryption keys or passwords and not loading them on their computers, use the Enterprise version of WPA or WPA2 instead of the Pre Shared Key (PSK) version or version personal use. Besides, in case an employee leaves the company, he will definitely still have the key to open your company network. In addition, their laptops may be stolen and thieves who steal the laptop will be able to know the lock. So you need to change the encryption settings, but that is a difficult job. In this case, use WPA / WPA2-Enterprise to hide the real encryption keys; The program also never loads them into computers. After everything is configured, the user logs in to the network with the username and password that has been changed or revoked.

WPA / WPA2-Enterprise requires a RADIUS server, which is the server used to manage user accounts. You can use the RADIUS server series for use in small businesses like Elektron and ClearBox for about $ 600 to $ 700. To save costs, you can choose a server-based service such as WiTopia, which costs about $ 99 per year. Another option is to buy an access point that has an ZYXEL-supplied RADIUS server such as NWA-3160 for about $ 140.

Secure Ethernet ports

Although the latest Wi-Fi encryption technology can be used, it is still useless if someone uses Ethernet ports right in your corporate building to access the network. In addition, some employees may accidentally plug their AP (access point) into a port to create a wireless access point to your local network via this Ethernet port. To limit such situations, you need to make sure that all routers, APs and network devices are hidden and protected.

For more secure protection for wired networks, you can use 802.1X authentication if you know your enterprise class devices support it. Using MAC address filtering can also help prevent unauthorized users from accessing the network. However, both of these measures do not hide traffic before those stealing access to wired networks - see next tips.

Use extended encryption (VPN)

To encrypt wired networks and increase encryption for Wi-Fi networks, you can use VPNs by purchasing a standard VPN server, installing server software on a computer or buying a service. . Each computer on the network can be configured to connect to the VPN server. Then, the traffic of users on the wired network side will be encrypted more securely.

Do not connect to other networks

Because computers may be sharing files or contain sensitive data in them, you need to avoid connecting them to other networks. Check Windows to make sure it is not set to automatically connect to available networks. In Vista, you can use WLAN commands for the Netsh utility to block all your network except your network. This will prevent company employees from accidentally connecting to nearby networks.

Separate traffic between VLANs

Dividing your network into private virtual networks (VLANs) will create internal security. With this method, you can better control the resources and network traffic that employees can access and receive. It is possible to set up so that regular employees will not be able to open shared files on management staff computers. In addition, if an employee checks network traffic with bad intentions, the employee only sees the traffic on their own virtual network. VLANs can also provide extended security when unauthorized users can access the VLAN. In addition, if someone wants to increase unauthorized access, this person can only access a certain part of the company's network.

Secure shared folders and NAS devices

To precisely control the files and resources that users can access, you need to verify the file sharing permissions and NTFS permissions of files and folders. In addition, configure sharing settings for any network drive or NAS device (network attached storage). Configure help settings to prevent users from authenticating access to files.

Verify the firewall

To protect your network on the Internet or internal attacks and unauthorized intrusion, you often have to use a firewall on computers and on your network router. Ports should only be opened when necessary. To increase security, you can define the range of IP addresses that can be used for ports.

Use MAC address filtering

Although Wi-Fi hackers can easily deceive the MAC addresses of network adapters, if you use address filtering, you can add another layer of security to your system.

Disable SSID promotion

Not promoting network names will make Wi-Fi hackers take longer to detect your network, which is another way to increase the security of your system. However, you need to know that SSID can still be traced and detected in some time by some tools. In addition, hiding the SSID can cause some problems, such as it can cause connection problems.

Timely upgrade

Protecting your network and computers requires some maintenance. You need to periodically check software updates for routers, access points and other components. However, you also need to check the network adapters integrated in the computers and upgrade the latest drivers for them if available. In addition, make sure that the operating systems on all computers need to be updated in a timely manner with patches. Maintaining these jobs will help you avoid the dangers of software flaws as well as system hardware and add security support from new features.

Control the coverage of electromagnetic waves

If you can block radio signals to and from a certain area of ​​the building, then you won't have to worry about Wi-Fi attackers or access guys stealing your system outside. the whole company. Although this is difficult to do in practice, you should also try to reduce the amount of radio signals that leak out. Between relocating APs and adjusting their power levels, you can allow your signal to cover a certain area under your control.