Would you rather have something for free or pay for it?
Dumb question right? A free ticket to watch the Seahawks pummel I mean battle the Broncos in Super Bowl XLVIII beats paying $2,100 per ticket any day – unfortunately, not a choice you or I will likely have to grapple with anytime soon.
However, when it comes to wireless networking, this is a question we face all the time. Do I jump on the coffee shop’s complementary network after ordering my quadriginoctuple-frap, or do I use my provider’s network and eat into my data plan?
I would hazard to guess that most of us choose the free option – especially if we are going sit there and nurse that beverage all day – a choice that is repeated every day at coffee shops all around the world. In fact, we have gotten so used to making this choice as customers that we expect Wi-Fi access everywhere, including at work.
And, while an increasing demand for wireless networking may not be breaking news, many organizations still struggle when it comes to successfully deploying wireless networks in a secure manner.
So, in the spirit of the Super Bowl example above (nice work Hawks), I would like to present what coaches often call the fundamentals – only here I’ll talk about five fundamentals of securing your wireless network.
And, I’ll use roman numerals.
But no X’s or O’s.
I. Have a Plan
If you rush out, buy a couple of wireless access points and chuck them on your network, you’ll likely just make things worse. Instead, take time to understand your goals and consider some important pre-deployment questions such as:
- How many wireless users do I expect to have on my network?
- How much wireless coverage and what kind of bandwidth do I need?
- What kind of traffic do I want to allow/restrict? (Pay particular attention to social media and mobile applications.)
- How will I restrict access to the WLAN (by device, by user, by SSID, etc.)?
- Will both corporate and personal devices be allowed access to the WLAN?
It’s also a good idea to draft a network usage policy and have users sign it as this can help to encourage self-enforcement.
II. Implement Access Controls
Segmenting the WLAN (e.g. by VLAN), creating security policies for different SSIDs, enabling station separation, enforcing MAC control lists and user authentication can all help to ensure WLAN users, devices and traffic are only allowed to access intended resources.
III. Synchronize Wired and Wireless Networks
Make sure your wired and wireless security policies don’t conflict. If an access policy is being enforced on your wired network, ensure you are not circumventing it with your WLAN policy.
IV. Use Strong Passwords
Create strong WLAN access passwords and change them regularly. Some strong password creation tips can be found here.
V. Monitor, Adjust, Repeat
Regularly use monitoring tools and review traffic logs to see what’s happening on your network. This will help to ensure policies are being enforced as expected, identify new traffic types and applications to allow/restrict and recognize emerging threats.
To learn more about how WatchGuard can help you to deploy a robust and secure WLAN, check out our wireless page here.