Instead of loading encryption keys onto computers where employees and other users can discover them, Enterprise mode has each user log into the network with their own account. You can easily change or revoke access when needed, which is especially useful when an employee leaves the company or a laptop is stolen. With Personal mode, you would have to manually change the encryption keys on all computers and access points (APs).
A key component of Enterprise mode is the RADIUS/AAA server. This server communicates with the APs on the network and looks up users in the user database. Consider using Internet Authentication Service (IAS) on Windows Server 2003 or Network Policy Server (NPS) on Windows Server 2008.
2. Physical security verification
Securing a wireless system is not purely technical work. You can have the best Wi-Fi encryption technology, but someone can still access your network through an Ethernet port. Or someone can enter your company or home, press the access point's reset button, and restore the factory default settings, leaving your wireless network fully open.
Make sure all your APs are out of reach of people who do not need access to them and out of sight of employees in the company. Rather than placing an AP on a table, attach it to a wall or ceiling.
You might consider mounting APs out of sight and installing extra antennas to boost the AP's signal. This lets you secure the AP while still providing a good wireless signal through high-gain antennas.
However, APs are not the only thing you need to care about. All network components need to be properly protected, even Ethernet cables. Hackers can cut your Ethernet cable and access your network that way.
Along with mounting and protecting APs, you also need to keep close track of them. Create a spreadsheet that records the AP models in use along with their IP and MAC addresses, and add the location of each one. That way you know exactly where each AP is when performing checks or tracking down a problematic AP.
3. Install an intrusion detection and prevention system (IDS / IPS)
These systems usually include a software program that uses your wireless adapter to detect problems with Wi-Fi signals. They can detect fake APs, a new AP that appears on the network, or an existing AP that has been reset to default settings or doesn't match a set of standards you've defined.
These systems can also analyze network packets to see if someone may be using hacking or jamming techniques.
There are many different intrusion detection and prevention systems, and they use many different techniques. Free or open source options include Kismet and Snort. There are also many commercial products from companies such as AirMagnet, AirDefense and AirTight.
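The checks described in this section can be run against the AP inventory spreadsheet from section 2. The following Python is an added example, not taken from the original article or from any product named above; it compares a constructed scan against a constructed inventory, and the `ssid` and `security` columns, the sample addresses and the finding labels are assumptions. It also goes one step beyond the text by reporting inventoried APs that were not heard at all.

```python
import csv
import io

# Constructed AP inventory, in the shape of the spreadsheet described in section 2
# (model, IP, MAC, location), plus the assumed standard each AP must meet.
INVENTORY_CSV = """model,ip,mac,location,ssid,security
ExampleAP-1,10.0.0.11,00:11:22:33:44:01,Floor 1 ceiling,CorpNet,WPA2-Enterprise
ExampleAP-1,10.0.0.12,00:11:22:33:44:02,Floor 2 ceiling,CorpNet,WPA2-Enterprise
"""

# Constructed survey results, as a wireless adapter scan might report them.
OBSERVED = [
    {"bssid": "00:11:22:33:44:01", "ssid": "CorpNet", "security": "WPA2-Enterprise"},
    {"bssid": "00:11:22:33:44:02", "ssid": "default", "security": "Open"},
    {"bssid": "66:77:88:99:AA:BB", "ssid": "CorpNet", "security": "WPA2-Personal"},
    {"bssid": "DE:AD:BE:EF:00:01", "ssid": "CoffeeShop", "security": "Open"},
]


def load_inventory(text):
    """Index inventory rows by normalized MAC address."""
    return {row["mac"].strip().lower(): row for row in csv.DictReader(io.StringIO(text))}


def audit(inventory, observed):
    """Return (bssid, finding) pairs for every observation that needs review."""
    known_ssids = {row["ssid"] for row in inventory.values()}
    findings, seen = [], set()
    for ap in observed:
        bssid = ap["bssid"].strip().lower()
        seen.add(bssid)
        entry = inventory.get(bssid)
        if entry is None:
            # Unknown radio: using our SSID suggests a fake AP, otherwise it is simply new.
            kind = "fake-ap" if ap["ssid"] in known_ssids else "new-ap"
            findings.append((bssid, kind))
        elif (ap["ssid"], ap["security"]) != (entry["ssid"], entry["security"]):
            # Inventoried AP no longer matches its standard, e.g. after a factory reset.
            findings.append((bssid, "config-drift at " + entry["location"]))
    # Inventoried APs that were not heard at all may be unplugged or removed.
    findings += [(mac, "missing from " + row["location"])
                 for mac, row in inventory.items() if mac not in seen]
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(load_inventory(INVENTORY_CSV), OBSERVED):
        print(bssid, finding)
```

Because findings carry the inventory location, a drifted or missing AP can be checked physically without a separate lookup.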
4. Create policies for using wireless networks
Along with the instructions for using the computer, you need a dedicated set of policies for accessing Wi-Fi networks. At a minimum, those policies should include the ones listed below:
5. Use SSL or IPsec on top of Wi-Fi encryption
Although you may be using the latest Wi-Fi encryption (on layer 2 of the OSI model), you should still consider implementing another security mechanism, such as IPsec (on layer 3 of the OSI model). In addition to providing double encryption on wireless connections, it can also protect wired connections. This prevents eavesdropping by staff or by outsiders who gain access to an Ethernet port.