Everywhere we turn we are overwhelmed with advice on securing our network wireless access points to protect against the threat of unauthorized access. Whether personal or organizational, the purpose of this tidal wave of advice is to encourage every one of us to engage in best practices for securing one of the most readily available entry points to our private or confidential data: our wireless connectivity. Traditionally, wireless network security practices advocated security activities such as hiding the network name or SSID to thwart cybercriminal activity and force hackers to move on to other less secure or more visible targets.
Unfortunately, the advance of hacking tools such as Wi-Fi sniffers and the modernization of device operating systems has made hidden networks almost obsolete as a protective measure: a sniffer still sees the network's traffic, and modern clients probe for hidden SSIDs by name. Furthermore, hidden networks often cause intermittent connectivity issues, which only serve to frustrate users without truly addressing data protection needs. Even companies like Apple note that hidden networks and other network hardening activities can adversely affect users’ ability to maintain continuous connectivity.
IT Equilibrium: 3 Steps to Follow
During information security assessments, clients often seek guidance on balancing ease of access and protection of IT assets. The three key steps to striking that balance while meeting the minimum requirements to provide baseline security layering are:
- Network Separation. Separate residential or organizational wireless network access from guest wireless access. Only allow guests to connect – directly – to the internet. Do not provide guests access to any of the organizational IT assets such as servers, storage or printers.
- Strong Passwords. Implement strong passwords. This means a minimum of eight characters, including at least one uppercase letter, one lowercase letter, one digit and one non-alphanumeric character. Create unrelated passwords for the primary and guest networks. Even stronger passwords, such as the examples discussed in a previous blog, “Password Protection: Tips and Tricks from an IT Expert,” provide added complexity and enhance security.
- Change Passwords. At a minimum, change the primary network password every 90 days. When changing the password, do not use password combinations in succession, for example R0cknR0ll1! followed by R0cknR0ll2!, or R0cknR0ll1! followed by R0cknR0ll1@. You do not need to change the guest wireless access password on the same timeline, but you should consider changing it annually with the same requirement of not using sequential passphrases.
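The password rules in steps two and three can be checked mechanically before a new wireless passphrase is accepted. The following is an added example, not code from the original post: it implements the stated minimum (eight characters with one uppercase, one lowercase, one digit and one non-alphanumeric character), flags a new password that is a small edit of the old one (the R0cknR0ll1! to R0cknR0ll2! pattern), checks that the primary and guest passphrases are unrelated, and computes whether the 90-day rotation is due. The similarity threshold of two edits is an assumption chosen for this example; the sample passwords are constructed. Network separation (step one) is a router or access-point configuration step and is not covered by this script.

```python
from datetime import date

MIN_LENGTH = 8            # minimum length stated in the post
ROTATION_DAYS = 90        # primary network rotation interval stated in the post
MAX_EDIT_DISTANCE = 2     # assumption: changes this small count as "in succession"


def meets_complexity(pw: str) -> bool:
    """Minimum policy: >= 8 chars, one upper, one lower, one digit, one symbol."""
    return (
        len(pw) >= MIN_LENGTH
        and any(c.isupper() for c in pw)
        and any(c.islower() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(not c.isalnum() for c in pw)
    )


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def too_similar(old: str, new: str, max_distance: int = MAX_EDIT_DISTANCE) -> bool:
    """True if `new` is a trivial variation of `old` (case change, bumped digit,
    swapped symbol, or the same string with a couple of characters appended)."""
    a, b = old.lower(), new.lower()
    if a in b or b in a:           # one is the other with characters appended
        return True
    return levenshtein(a, b) <= max_distance


def check_password_change(old: str, new: str) -> list:
    """Return a list of policy violations for a proposed rotation (empty = OK)."""
    problems = []
    if not meets_complexity(new):
        problems.append("new password does not meet the complexity minimum")
    if too_similar(old, new):
        problems.append("new password is a sequential variation of the old one")
    return problems


def networks_unrelated(primary: str, guest: str) -> bool:
    """Primary and guest passphrases must not be variations of each other."""
    return not too_similar(primary, guest)


def rotation_due(last_changed: date, today: date) -> bool:
    """True once the primary passphrase is ROTATION_DAYS or more days old."""
    return (today - last_changed).days >= ROTATION_DAYS


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    print(check_password_change("R0cknR0ll1!", "R0cknR0ll2!"))   # flagged as sequential
    print(check_password_change("R0cknR0ll1!", "Tr4in-Whistle#9"))  # []
    print(networks_unrelated("R0cknR0ll1!", "Gu3st-Only#2024"))  # True
    print(rotation_due(date(2024, 1, 1), date(2024, 3, 31)))     # True (90 days)
```

Note that complexity checks only enforce the floor the post describes; a long, unrelated passphrase is still preferable to a short one that merely ticks every character-class box.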
Rinse and Repeat
Commitment to these steps often proves to be the failure point. Whether it is the implementation of strong passwords or the password change requirement, most individuals base their information security practices on their own perception of risk. For others, an inability to enforce best practices stands between them and information security.
The application of more stringent controls that are compliant with International Organization for Standards (ISO) can help you achieve additional wireless network fortification. In the near future, I will provide an overview of these more advanced controls in the second blog of this series: Wireless Network Security – Advanced and Enhanced!