Today’s Wi-Fi networks are now more secure than the typical wired network in the same building. While that may seem like a bold opening statement, today this is often the case.

Wi-FiIt is true that WLANs got off to a chequered start 20 years ago, with attackers finding ways around the early security procedures and protocols in place. Consequently, though, the industry devoted a great deal of effort and innovation towards making WLANs much more secure – and they succeeded. There are, however, still challenges in securing any network.

As we know, wireless “leaks out” to the surrounding environment, which means passers-by can see and attempt to connect to any network they choose. As a response, we need to put steps in place to mitigate this threat. For wired networks, physical barriers with locks on the doors and containment physically within the building are the traditional wired networking means of defense. However, if a person with malicious intent is able to gain physical access, perhaps through social engineering, or tail-gating, a device can be connected and access gained which, then, is an opportunity for an attack to commence.

So how have WLANs been addressing security concerns? What has the result of all that investment and innovation been?

Wi-Fi Security Methods

The Gold standard is the use of Digital Certificates. This method is preferable because, unlike user-created passwords, certificates are virtually impossible to replicate. However, this method is also the most complex to deploy for the network administrator. Unless a friendly, user self-service Enrolment System is used to automate the authorization, creation, and distribution of certificates and secure WLAN setup for users can become a time-consuming task.

The Silver standard is a username and password-based authentication – often linked to a user database such as Microsoft Active Directory. This works well, but network administrators need to implement with care, making sure that proper server certificates are deployed to ensure users address a legitimate server, and that user passwords are suitably complex. Interestingly, both password complexity and frequency of change need not be as onerous as imagined and are well explained here.

We must accept that there will be a need to support some devices that cannot support the gold or silver methods. Such equipment often compromises devices that have crossed over from the home market to the workplace as digital transformation has taken hold – smart speakers, video streamers and casters, as well as other IoT devices. Limited to Pre-Shared Key authentication, in the commercial world, the use of a unique static key per device, called Dynamic Pre-Shared Key, provides enhanced security and limitation of a breach if one key is discovered.

2019 will see the introduction of a further security enhancement called WPA3. This new Wi-Fi security standard will replace WPA2, and improve the encryption strength and ease of setup of the methods discussed above.

Role Based Access – with a suitable WLAN infrastructure, the above access methods can map to user roles. Define what is allowed for a user type and apply rules accordingly. Roles provide a plethora of controls, from VLAN allocation, through to simple port and protocol-based firewall rules up to application-based recognition and control, including URL filtering.

View the original post by Neil Goddard.

Predictive, Pre-Deployment, Post Installation and Health Check Wireless Surveys carried out by certified wireless engineers.

We look at Wi-Fi fundamentals, explore the benefits of and technology behind Wi-Fi 6, Wi-Fi 6E and what the future holds for Wi-Fi 7

Net-Ctrl provide network and structured cabling solutions as either a stand-alone installation, or to compliment products and solutions that we offer.

Connect-the-Classroom scheme  is allowing schools to upgrade their infrastructure to a solution that should last 10 years

Net-Ctrl provides two excellent support packages in addition to any equipment purchased. Find out about our Silver or Gold support package

IP-CCTV site survey to assess camera locations and requirement and existing Mobotix solution health checks.

Net-Ctrl offers our Cloud WLAN. Delivering market-leading patented technology managed by the Net-Ctrl engineering team.

We provide an automated Cybersecurity awareness training solution covering both simulated phishing and training courses.

Net-Ctrl offers a range of wireless network solutions. We explore some common questions related to these solutions.

Offering end-to-end, affordable and competitive financing solutions to help you achieve your business goals.