11-06-2011, 04:57 PM
Few people are aware of security threats to their small business network.
You need to secure your home office or small business network so unauthorized people can't connect and possibly access your files or spy on internet traffic to hijack your valuable information and compromise your internet security. The following 4 tips will help you secure your wireless office network.
1. Encrypt Your Wi-Fi
Wireless routers and access points don't come secured by default. The reason is router manufacturers want people to easily install and set up their home wireless network regardless of technical knowhow. Encryption is very important to Wireless networks as they're far more easier to crack if not encrypted.
If you don't enable encryption, anyone can easily connect to your Wi-Fi network.
To prevent this you need to use at least the Personal (Pre-shared Key or PSK) mode of WPA or WPA2 security--preferably WPA2 as it's more secure.
This is the simplest method -- you set an encryption password in the wireless router and/or access points and enter the same password on the computers or devices when connecting to the Wi-Fi. Use a strong encryption password: up to 63 characters, mixed upper and lower case, and add in special characters too.
In your company wireless network, you should use the Enterprise (EAP) mode of WPA or WPA2 security. This is so employees don't see the encryption password, and so it's not stored on the computers and devices in case they are lost/stolen.
Access to the Wi-Fi can be based upon usernames and passwords you create for each user, rather than the actual encryption password. Thus, if an employee leaves or a laptop or mobile device is lost or stolen, you can easily change or revoke access for that particular user instead of changing the encryption password on all the equipment.
2 Disable SSID broadcast
Most wireless access points and routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This feature of Wi-Fi networks is intended to allow clients to dynamically discover and roam between WLANs.
However, this feature also makes it easier for hackers to break into your home and office network. Because SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP.
In a home Wi-Fi network, roaming is largely unnecessary and the SSID broadcast feature serves no useful purpose. You should disable this feature to improve the security of your WLAN. Once your wireless clients are manually configured with the right SSID, they no longer require these broadcast messages.
3. Create a VLAN for Guests
Do not let the public or guests log onto your private network. Even if you have secured shared resources with file or network sharing permissions protected using passwords, they still may be able to eavesdrop on your Internet traffic to capture passwords of important accounts.
Preferably assign them to another virtual LAN and separate SSID if your network equipment supports VLANs and/or multiple SSIDs.
4. MAC Address Filtering
Most of the network administrators hardly care about MAC address filtering as it seems cumbersome to set up and operate. Anoter reason is
MAC address filtering can easily be circumvented by a good hacker. Still, if you keep it enabled, you will make it more difficult for casual snoopers to gain access your network. You determine the computers and devices you want to access the network, and you identify by their unique MAC address. Computers that are not listed won't be allowed to access the network. It's that easy!
Share your opinion, tips and tricks on what you do to secure your wireless network.
You need to secure your home office or small business network so unauthorized people can't connect and possibly access your files or spy on internet traffic to hijack your valuable information and compromise your internet security. The following 4 tips will help you secure your wireless office network.
1. Encrypt Your Wi-Fi
Wireless routers and access points don't come secured by default. The reason is router manufacturers want people to easily install and set up their home wireless network regardless of technical knowhow. Encryption is very important to Wireless networks as they're far more easier to crack if not encrypted.
If you don't enable encryption, anyone can easily connect to your Wi-Fi network.
To prevent this you need to use at least the Personal (Pre-shared Key or PSK) mode of WPA or WPA2 security--preferably WPA2 as it's more secure.
This is the simplest method -- you set an encryption password in the wireless router and/or access points and enter the same password on the computers or devices when connecting to the Wi-Fi. Use a strong encryption password: up to 63 characters, mixed upper and lower case, and add in special characters too.
In your company wireless network, you should use the Enterprise (EAP) mode of WPA or WPA2 security. This is so employees don't see the encryption password, and so it's not stored on the computers and devices in case they are lost/stolen.
Access to the Wi-Fi can be based upon usernames and passwords you create for each user, rather than the actual encryption password. Thus, if an employee leaves or a laptop or mobile device is lost or stolen, you can easily change or revoke access for that particular user instead of changing the encryption password on all the equipment.
2 Disable SSID broadcast
Most wireless access points and routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This feature of Wi-Fi networks is intended to allow clients to dynamically discover and roam between WLANs.
However, this feature also makes it easier for hackers to break into your home and office network. Because SSIDs are not encrypted or otherwise scrambled, it becomes easy to grab one by snooping the WLAN looking for SSID broadcast messages coming from the router or AP.
In a home Wi-Fi network, roaming is largely unnecessary and the SSID broadcast feature serves no useful purpose. You should disable this feature to improve the security of your WLAN. Once your wireless clients are manually configured with the right SSID, they no longer require these broadcast messages.
3. Create a VLAN for Guests
Do not let the public or guests log onto your private network. Even if you have secured shared resources with file or network sharing permissions protected using passwords, they still may be able to eavesdrop on your Internet traffic to capture passwords of important accounts.
Preferably assign them to another virtual LAN and separate SSID if your network equipment supports VLANs and/or multiple SSIDs.
4. MAC Address Filtering
Most of the network administrators hardly care about MAC address filtering as it seems cumbersome to set up and operate. Anoter reason is
MAC address filtering can easily be circumvented by a good hacker. Still, if you keep it enabled, you will make it more difficult for casual snoopers to gain access your network. You determine the computers and devices you want to access the network, and you identify by their unique MAC address. Computers that are not listed won't be allowed to access the network. It's that easy!
Share your opinion, tips and tricks on what you do to secure your wireless network.