Mason8
10-04-2013, 06:55 PM
With the explosive rise of smartphones and tablets used in the workplace, wireless networking has moved past optional and into the realm of necessity for almost all organizations. Among other reasons, most users these days have little time or patience to run copious wires through their homes or offices. Subsequently, it stands to reason that wireless security also has become a top priority.
How different organizations implement wireless security is a point of comparison. Organizations such as government agencies, financial services, or healthcare facilities might exert more stringent controls over their wireless networks to protect scads of sensitive data. Smaller organizations on the other hand might opt for more basic measures to meet their security requirements.
That being said, there are a few wireless security best practices that can be applied across the board. Here are a few basic security implementations that should be considered by all organizations, regardless of market segment or vertical.
Out of the gate, any wireless security device or mechanism will have to meet the needs of its customers − that means powerful solutions that offer appropriate levels of throughput, functionality and deployment options in order to meet a variety of needs for large enterprise corporations, SMBs, or small branch offices.
Regardless of size, implementing strong and robust passwords should be the front lines of defence, but far from the only barrier to entry. Failing to apply this basic step is like handing over the keys of your house to strangers − and leaving the gate open too. To that end, passwords for network entry need to be long − typically around 10 characters in length − containing a creative mix of upper and lower case letters, numbers and special characters. And while dictionary words might be easier for the average user to remember, the same most definitely holds true for hackers and other miscreants attempting unauthorized entry into a network.
By the same token, users should also change the default Service Set Identifier (SSID) on the router access point (AP) to something that doesn’t provide any clues to the company’s name or location.
To further secure a wireless network against a dearth of threats, users will need to incorporate strong encryption technologies. At the bare minimum, encryption will help obfuscate and scramble data for hackers and unauthorized users lurking on the network. And that means going above and beyond the default encryption algorithm, relying on something more robust − and less likely to be cracked – to truly keep network data secure.
Meanwhile, another point to consider when hardening a wireless network is the ability to lock down devices. With the emergence and rocket-like growth of personal mobile devices and BYOD trends, device management has grown from luxury to fundamental security function for just about any wireless network.
And here’s why. It’s well-established that more and more employees are demanding − not requesting − that they be allowed to use their personal mobile phones and tablets for work-related functions. However, the wide array of disparate devices, platforms and apps entering and exiting the network on a daily basis creates nothing short of a headache for IT administrators attempting to track, locate and secure business-critical data. Subsequently, device management − the ability to control any device on the network − is now a vital component of any network security strategy. And along those lines, device control features must include strong authentication mechanisms that can distinguish what user or group of users have the ability to access critical data at any given time.
Meanwhile, sophisticated security functions are only as good as an organization’s ability to manage them. To achieve that, wireless security devices increasingly should provide comprehensive, single-pane visibility while offering ease of use and ease of deployment features.
Altogether, those security functions represent the building blocks of a solid wireless security posture but organizations with elevated security ambitions might also incorporate additional security fundamentals such as Web filtering, anti-spam, application control, anti-virus, Intrusion Prevention System (IPS), data loss prevention (DLP) and VoIP support into their overall solution.
And in light of new and growing waves of attacks, wireless security will almost certainly contain advanced threat analysis and defence technologies in the not-too-distant future.
With new crops of advanced threats on the horizon, wireless networks are only going to become more complicated to keep secure. While there is no one antidote, ensuring that all security basics are covered is a good start.
Eric Chan, Regional Technical Director, Southeast Asia & Hong Kong, Fortinet
http://www.networksasia.net/content/8-tips-better-wireless-security?page=0%2C1
How different organizations implement wireless security is a point of comparison. Organizations such as government agencies, financial services, or healthcare facilities might exert more stringent controls over their wireless networks to protect scads of sensitive data. Smaller organizations on the other hand might opt for more basic measures to meet their security requirements.
That being said, there are a few wireless security best practices that can be applied across the board. Here are a few basic security implementations that should be considered by all organizations, regardless of market segment or vertical.
Out of the gate, any wireless security device or mechanism will have to meet the needs of its customers − that means powerful solutions that offer appropriate levels of throughput, functionality and deployment options in order to meet a variety of needs for large enterprise corporations, SMBs, or small branch offices.
Regardless of size, implementing strong and robust passwords should be the front lines of defence, but far from the only barrier to entry. Failing to apply this basic step is like handing over the keys of your house to strangers − and leaving the gate open too. To that end, passwords for network entry need to be long − typically around 10 characters in length − containing a creative mix of upper and lower case letters, numbers and special characters. And while dictionary words might be easier for the average user to remember, the same most definitely holds true for hackers and other miscreants attempting unauthorized entry into a network.
By the same token, users should also change the default Service Set Identifier (SSID) on the router access point (AP) to something that doesn’t provide any clues to the company’s name or location.
To further secure a wireless network against a dearth of threats, users will need to incorporate strong encryption technologies. At the bare minimum, encryption will help obfuscate and scramble data for hackers and unauthorized users lurking on the network. And that means going above and beyond the default encryption algorithm, relying on something more robust − and less likely to be cracked – to truly keep network data secure.
Meanwhile, another point to consider when hardening a wireless network is the ability to lock down devices. With the emergence and rocket-like growth of personal mobile devices and BYOD trends, device management has grown from luxury to fundamental security function for just about any wireless network.
And here’s why. It’s well-established that more and more employees are demanding − not requesting − that they be allowed to use their personal mobile phones and tablets for work-related functions. However, the wide array of disparate devices, platforms and apps entering and exiting the network on a daily basis creates nothing short of a headache for IT administrators attempting to track, locate and secure business-critical data. Subsequently, device management − the ability to control any device on the network − is now a vital component of any network security strategy. And along those lines, device control features must include strong authentication mechanisms that can distinguish what user or group of users have the ability to access critical data at any given time.
Meanwhile, sophisticated security functions are only as good as an organization’s ability to manage them. To achieve that, wireless security devices increasingly should provide comprehensive, single-pane visibility while offering ease of use and ease of deployment features.
Altogether, those security functions represent the building blocks of a solid wireless security posture but organizations with elevated security ambitions might also incorporate additional security fundamentals such as Web filtering, anti-spam, application control, anti-virus, Intrusion Prevention System (IPS), data loss prevention (DLP) and VoIP support into their overall solution.
And in light of new and growing waves of attacks, wireless security will almost certainly contain advanced threat analysis and defence technologies in the not-too-distant future.
With new crops of advanced threats on the horizon, wireless networks are only going to become more complicated to keep secure. While there is no one antidote, ensuring that all security basics are covered is a good start.
Eric Chan, Regional Technical Director, Southeast Asia & Hong Kong, Fortinet
http://www.networksasia.net/content/8-tips-better-wireless-security?page=0%2C1