When's the last time you've really thought about your network security?
More and more businesses these days have a Wi-Fi network of some size, and that means ensuring it's properly secured. Due to its nature, Wi-Fi presents an easy way for an intruder to get into your network, often without having to even be inside your building. This leaves a permanent “back door” into your data that must be locked as tightly as possible.
Even Ethernet networks face substantial security challenges, especially given how effective password-cracking software has become.
The costs associated with a single data breach can often be staggering, with companies seeing total damages of tens of millions of dollars. Depending on your industry, there may be legal liabilities associated with data protection as well, such as the HIPAA regulations on the healthcare IT industry.
Having a secure wireless network is just as important as securing your physical doors. Here are a few things to look out for.
You're still using any default passwords.
It seems like common sense, but a truly amazing number of users and even businesses never change the password on their network hardware from the manufacturer's default. Unfortunately, what they don't realize is that there are so-called “rainbow lists” that are easily obtained and contain every known default password from a manufacturer. Such passwords can be broken in seconds by virtually anyone who wants to.
Basically, don't be like the nearly two million people who decided that “123456” was a great idea for an Adobe password. (And don't use it on your luggage, either.)
You haven't changed the default SSIDs. This one is less obvious, but consider it a red flag. If a business hasn't changed the SSID on their wireless devices, hackers will think it likely they're going to be lax in their security in other ways. Changing your hardware SSIDs is a quick and easy way to discourage hackers from probing your defenses.
Using private SSIDs is another option, one which would significantly enhance your network security by preventing access by anyone who doesn't know the name of the network. Of course, this adds an extra level of complexity for people logging in.
You aren't using WPA2 security. Since its release a few years ago, WPA2 has become the industry standard for secure Wi-Fi encryption that's relatively uncrackable. If you're still using the older WPA or WEP security formats, we recommend you move away from them as soon as possible because they are both compromised and easily broken by serious hackers.
You're allowing guests onto the main network. There's rarely any reason to allow guests and visitors onto your primary network if they're just wanting to check email and LinkedIn. It's a small hardware investment and a tiny addition to your overall bandwidth to install a guest-login network that keeps them entirely separate from your primary systems.
You require passwords that can't be memorized. Requiring employees to use passwords that include letters of all cases, numbers, and multiple extended characters just guarantees everyone's password will be on a PostIt note under their keyboard. Remember, even Ethernet is only as secure as every user's password. (See above, re: 123456)
Our suggestion? Allow for long (32+ character) passwords so that users can select favorite quotes or phrases, ones they're bound to remember. A four- or five-word phrase is vastly harder to crack than a shorter password full of nonstandard characters.
Virtualized Networking Simplifies Security
Finally, remember that if you aren't on a virtualized network, such as the ADTRAN BlueSocket standard, you can simplify your security by moving towards a vWLAN system that spreads security across the entire network. BlueSocket can move your security onto a single console, while providing universal coverage that's maintained by every device on the network.
So, how is your network security? Have you made any changes recently? Tell us below!