Wi-Fi Security



Overview

A good Wi-Fi infrastructure is a convenient and easily accessible form of connectivity within a business. It means that you don't need cables running to your devices and allows you to work from almost anywhere. But this substantial convenience very often "trumps" any security concerns when deciding whether to implement it or not.

Encryption

There are various forms of encryption available to secure your data as it travels across the airwaves of your Wi-Fi network. Choosing the right security option and implementing it correctly is vital. WEP, or Wired Equivalent Privacy, has been around for years now and is, unfortunately, a default setting on many devices. But it is a poor choice! From a security standpoint, WEP is a hacker's dream scenario, and they will breach your security in no time. However, WPA2 (Wi-Fi Protected Access 2) or WPA3, if your devices support it, are considered worthwhile choices when configured correctly. AMITC can verify what type of encryption is in place, and then by using standard hacking techniques, we can test whether your choice of shared key is sensible or if your security needs attention. For example, using a shared key of "password" is, for obvious reasons, a terrible choice! But even a random 10-character string using a combination of uppercase, lowercase, numbers, and special characters would take around 50 years to crack, assuming the choice was not listed in any dictionary (i.e. of commonly used passwords such as "P@ssword01").
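The shared-key check described above can be sketched as a small audit script. This is an added example, not AMITC's own tooling: the word list is a constructed sample, and the guess rate and the 10-year "strong" threshold are assumptions chosen for illustration.

```python
import string

# Constructed sample; a real audit loads a full list of commonly used passwords.
COMMON = {"password", "letmein", "welcome", "qwerty", "admin"}
# Reverse the usual character substitutions before the dictionary lookup.
LEET = str.maketrans("@430$5!1", "aaeossil")
# Assumptions for illustration only (not figures from this page).
ASSUMED_GUESSES_PER_SEC = 4e10
MIN_YEARS_FOR_STRONG = 10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def in_dictionary(psk):
    """True if the key is a common password with a suffix or substitutions."""
    base = psk.lower().rstrip(string.digits + "!?.#*")
    return base in COMMON or base.translate(LEET) in COMMON


def keyspace_pool(psk):
    """Size of the alphabet implied by the character classes in use."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    return sum(size for chars, size in classes if any(c in chars for c in psk))


def audit_psk(psk, rate=ASSUMED_GUESSES_PER_SEC):
    """Classify a WPA2 shared key and estimate exhaustive-search time."""
    # WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        return {"verdict": "invalid", "years": 0.0}
    if in_dictionary(psk):
        return {"verdict": "dictionary", "years": 0.0}
    # Upper bound: only holds if every character was chosen at random.
    years = keyspace_pool(psk) ** len(psk) / rate / SECONDS_PER_YEAR
    verdict = "strong" if years >= MIN_YEARS_FOR_STRONG else "weak"
    return {"verdict": verdict, "years": years}


if __name__ == "__main__":
    for key in ("password", "P@ssword01", "kT9#vQ2!xL"):
        print(key, audit_psk(key))
```

The keyspace estimate only applies to keys generated at random; a key a person invented is usually far weaker than its character classes suggest, which is why the dictionary check runs first.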

Virtual Local Area Networks (VLANs)

Today, it is routine to add a wireless access point to a corporate network and create a Wi-Fi network using a secure shared key that allocates any client an IP address on the corporate LAN. This provides the user with the same access as if they were plugged into a network socket using an Ethernet cable. It is also common to see "guest" Wi-Fi networks with different SSIDs but with friendly passwords so that your visitors can conveniently connect and download their email etc. Securely implemented, these guest networks have no access to the corporate LAN, and clients are isolated from one another. But all too often, this configuration is overlooked, allowing visitors to navigate the corporate network unhindered. AMITC can check this configuration and advise you on your current security systems and whether further measures are needed to protect your business.

Encrypted DNS

On a wired network, the information travelling to each device is optimised, so that irrelevant information does not get passed to it. So, a computer connected to one network cable cannot see the data being sent and received by a device connected to another cable. However, this same optimisation cannot occur on a wireless network because the radio waves travel in all directions. Therefore, any unencrypted communications travelling over Wi-Fi can be read by any device on the same network. The good news is that most websites enforce encryption now, but before a device can communicate with a website, it needs to locate its IP address. This process happens via DNS, and herein lies the problem – most DNS data is unencrypted. And, because the data is often unencrypted, another user on the same Wi-Fi network can see the DNS requests your users are making and use this information when fact-finding before instigating an attack. So, it is worth having your settings checked. AMITC can verify whether your DNS traffic is unencrypted or not and advise on the necessary actions required.