WLAN Security Best Practices

Signals from unsecured WLANs that extend outside the corporate network can be found and used by unauthorized personnel—or malicious hackers can force their way in. As we continue into a future in which everything from our phone to our refrigerator operates using a wireless internet connection, it is becoming increasingly important to understand how to keep our WLAN safe and secure.

In this article, we will provide you with everything you need to understand the best practices of WLAN security and give some additional helpful tips. If you want a more personal touch, book a free consultation call with our Wi-Fi security engineers here at SecureW2.

Modify the Default SSID Access

Access points come with a standard network name that you should change immediately upon installation. When renaming the access point Service Set Identifier (SSID), choose something that is not directly related to your company; do not choose your company name, company phone number, or other readily available information about your company that is easy to guess or find on the Internet.

By default, access points broadcast the SSID to any wireless client within range. For some applications, such as hotspots or guest access, this capability allows users to find the network without assistance. However, for corporate networks, you should disable the broadcast to limit those who may be casually looking for an open wireless network.

Set Up Rogue AP Detection

One of the most common wireless security threats comes from a rogue access point. Many times a rogue access point is created by employees wanting a faster internet connection or a nearby business wanting free Wi-FI.

The problem is that these routers try to connect to your wireless network and are typically installed in their default mode, so authentication and encryption are not enabled —creating a pretty big security threat.

Upgrade Your Wireless Security Protocol

WPA2-Enterprise has been around since 2004 and is still considered the gold standard for wireless network security for organizations and universities, delivering over-the-air encryption and a high level of security. In conjunction with the effective authentication method known as 802.1X, users have been successfully authorized for secure network access for many years.

However, when using WPA2-Enterprise in a large-scale setting, it can often be difficult to configure and onboard new users.

Onboarding software, such as those offered by SecureW2, eliminates the confusion for users by prompting them with simple steps designed to be completed by anyone regardless of technical skills. SecureW2 has the tools to make your WPA2-Enterprise network as safe as possible. Check out our onboarding solutions here.

Manage Wi-Fi with Digital Certificates

A ton of security issues that wireless networks face stem from a common source: passwords. Passwords introduce the human error element to your network. Passwords can be stolen, lost, or even hacked through MITM or brute force attacks.

Luckily, there is an alternative through the use of certificate-based authentication. Passwords rely on keywords or phrases created by the end-user. Certificates utilize public-key cryptography to encrypt information sent over the air and are authenticated with EAP-TLS, the most secure authentication protocol.

Certificates also offer the benefit of being easily trackable and manageable when paired with a proper certificate management system like SecureW2. You can segment users based on their roles and view network activity for any suspicious behavior. Best of all, you can easily revoke certificates to ensure no bad actors get a chance to damage your network.

While the costs of maintaining and implementing a PKI infrastructure to allow for certificate authentication may seem daunting, SecureW2 can offer an easy configuration to allow you to easily maintain the most secure network possible

Eytan Raphaely

Eytan Raphaely is a digital marketing professional with a true passion for writing things that he thinks are really funny, that other people think are mildly funny. Eytan is a graduate of University of Washington where he studied digital marketing. Eytan has diverse writing experience, including studios and marketing consulting companies, digital comedy media companies, and more.