5 Advanced Wi-Fi Network Security Tips

By Eric Geier | Posted December 09, 2009

Are you ready to beef up your Wi-Fi security beyond the basics? Datamation.com has five advanced, yet emminently doable, tips to take your wireless network to the next level of security.


If you've done any Google-ing on Wi-Fi security, you probably have the basics beaten into you: Don't use WEP, use WPA or WPA2, disable SSID broadcasting, change default settings, and so on. Therefore we'll forgo the basics and skip to other ways you might be able to increase the security of your wireless network. Lets get started!

#1 Move to Enterprise Encryption

If you created a WPA or WPA2 encryption key of any type and must enter it when connecting to the wireless network, you are only using the Personal or Pre-shared key (PSK) mode of Wi-Fi Protected Access (WPA). Business networks--no matter how small or big--should be protected with the Enterprise mode, which adds 802.1X/EAP authentication to the wireless connection process. Instead of entering the encryption key on all the computers, users would login with a username and password. The encryption keys are derived securely in the background and are unique for each user and session.

This method provides central management and overall better Wi-Fi security.

Instead of loading the encryption keys onto computers where employees and other users can recover them, each user logs into the network with their own account when using the Enterprise mode. You can easily change or revoke access when needed. This is especially useful when employees leave the company or a laptop is stolen. If you're using the Personal mode, you'd have to manually change the encryption keys on all the computers and access points (APs).

The special ingredient of the Enterprise mode is a RADIUS/AAA server. This communicates with the APs on the network and consults the user database. Consider using the the Internet Authentication Service (IAS) of Windows Server 2003 or the Network Policy Server (NPS) of Windows Sever 2008. If you want to go vendor-neutral, try the popular open source server, FreeRADIUS. If you find setting up an authentication server requires more money and/or expertise than you have, consider using an outsourced service.

Read the Full Story

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date