Wireless Design & Security

Wireless internet access is an ever greater need for both staff and customers who frequent modern offices, stores, warehouses, and other types of business environments. Wireless network names (SSIDs) may be visible to any wireless device within range, and those devices may be used to attempt connection to the network. Traditionally, access was granted with a static password or phrase pre-configured in the access point, controller, or wireless router.

Staff turnover proved to be an issue with static wireless credentials, as terminated employees could park outside the facility and connect to the network without anyone being the wiser. So policies emerged requiring Wi-Fi credential changes following anyone’s departure. However, that prevented all remaining staff from connecting without entering the “new” credentials.

A better wireless authentication model adds a RADIUS Server to allow authentication from an Active Directory account. Now staff connect to the Wi-Fi network with their company credentials, and if a staff member is terminated and their domain account de-activated, they will no longer be able to connect to the Wi-Fi network. Remaining staff will continue to authenticate into the wireless network the same way they did the day before.
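
The difference between the two models, shown as an added configuration example that is not from the original article. It assumes an access point running hostapd; the interface name, SSID, passphrase, IP addresses and RADIUS shared secret are constructed placeholders.

```ini
# Two alternative hostapd.conf files, shown one after the other.
# All values are constructed placeholders.

# --- Before: one static passphrase shared by every user -------------
interface=wlan0
ssid=Example-Staff
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# Anyone who ever learned this phrase can still connect until it is
# changed, and changing it locks out every remaining user as well.
wpa_passphrase=placeholder-shared-phrase

# --- After: per-user authentication through a RADIUS server ---------
interface=wlan0
ssid=Example-Staff
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
# Enable 802.1X; the access point relays each login to RADIUS.
ieee8021x=1
# Address this access point reports to the RADIUS server as its own.
own_ip_addr=192.0.2.2
# RADIUS server that checks each user against the directory.
auth_server_addr=192.0.2.10
auth_server_port=1812
# Secret shared only between this access point and the RADIUS server;
# users never see it and it does not change when staff leave.
auth_server_shared_secret=placeholder-radius-secret
```

With the second form, disabling a user's directory account ends their Wi-Fi access at the next authentication, with no change needed on the access point.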

Another technique is to implement a captive web portal for access to Wi-Fi, where a device that attempts Wi-Fi connection will launch a web browser and be directed to a web page where credentials can be entered.

There are many other network security aspects that should also be considered. Coverage range, signal strength around solid objects, Wi-Fi channel selection to avoid congestion or interference, meshing or use of central controllers, firmware updates applied to all devices periodically, access level once authenticated, overall network security, staff vs. guest Wi-Fi access, use of VLANs to separate trusted vs. un-trusted users, and whether to charge a fee for internet access are a few such considerations when selecting and designing Wi-Fi access.

While it may seem simple to keep access open without requiring credentials, this is a dangerous strategy, even for guest networks. An open network allows any device held by any person to connect into your network, and depending on your access controls, the strength of your security policies, and the devices that enforce them, it could allow access to confidential information on shared resources.

Contact LeeShanok to schedule a network security assessment, so your strategies, equipment, configuration, and maintenance of your Wi-Fi infrastructure keep your Arizona businesses accessible and safe.
