Wireless networks are easy to set up, but not so easy to secure. Because they’re based on radio waves, it’s often difficult to tell where users are connecting from, and whether those access points are vulnerable to attack. Though most networks that use Wi-Fi technology work right out of the box, it’s your job to prevent them from working for anyone but the 500 users in your midsize consulting firm.
Security measures have improved greatly since the days of rudimentary wireless protection techniques like MAC filtering, Wired Equivalent Privacy keys and SSID hiding. None was strong enough to stave off more sophisticated hackers, and could not be implemented easily on a corporate wireless network with hundreds of users.
Those problems were solved with the advent of Wi-Fi Protected Access. WPA protects large wireless networks with the Temporal Key Integrity Protocol (TKIP), which encrypts individual packets with 128-bit keys. It uses certificate-based authentication to make managing a big network less of a headache; the certificates can be distributed quickly with configuration management tools. A Remote Authentication Dial-In User Service (RADIUS) server consolidates user password authentication to a central location.
But is securing your wireless network cost-effective? It can be if you implement the latest version of WPA, called WPA2, which is based on the 802.11i standard. The new version’s encryption features, including the Advanced Encryption Standard and the Counter Mode CBC-MAC Protocol, offer greater protection than TKIP.
If you already own WPA-based Wi-Fi firmware, you can upgrade it with a free download to support WPA2. Make sure, however, that your client software will work at your network’s various access points; interoperability among software vendors can be a problem.
