Wireless security and the importance of a guest network
March 21, 2016
Wireless networks provide many benefits to small businesses. Better mobility, reduced cost, and increased productivity are just a few. These benefits also come with additional risk to the security of the data on your network and anything attached to it. Earlier in this series we discussed physical security, firewalls and end point security however, once a device is attached to your wireless network, it has already bypassed all of those protections. But these risks can be reduced or eliminated with a good quality commercial grade wireless access point.
The signal for a wireless network is provided, in most offices, by either a wireless router or a wireless access point. Many small businesses will use an inexpensive, $150 or less, wireless router that is designed for residential use. The name brand routers have decent encryption capabilities to keep unwanted devices off the network but we have seen most small businesses turn off the encryption to make it easier for guests to connect without having to enter a password. If encryption is on, the password is usually on a whiteboard or posted somewhere in the conference rooms in plain sight and often visible through outside windows. There are several other issues with using a router. If it is not configured properly it can take down the entire network. Even if it is configured properly very few of these routers have the necessary functionality to appropriately secure the wireless network.
The recommended solution is to use a commercial grade wireless access point also known as a WAP. While a WAP can cost from $300 to over $1,000 it offers many features that a wireless router does not. For example, it can be configured to automatically allow access when one types in their network user name and password. It can also be setup to keep the wireless traffic on a separate network to better manage security and utilization. Some commercial WAPs provide the capability to limit which sites can be visited and how much bandwidth can be used. One of the most important features however, is the ability to setup a “guest network.” This is a second network on the WAP that is usually setup for internet access only. When a device attaches to the guest network it only has internet access and cannot access the company’s servers and data without passing back through the firewall. Even though it is called a guest network, many companies require their employee’s smart phones, even if they are company owned, to attach to it instead of the internal wireless network. This protects the network from an infected phone. Also, the amount of bandwidth used can be controlled to provide more resources for laptops and other wireless devices that need to be on the internal network.
When it comes to wireless network security, the old adage “you get what you pay for” is very true. Ask your trusted technology partner to explain how your wireless network is configured to provide security. Then you can sleep at night knowing that your wireless network has not created an unlocked backdoor into your business that has bypassed all the other security measures you have put in place.