Lock Down Your Wi-Fi Network: 8 Tips for Small Businesses
4. Offer Separate Wi-Fi for Guests
Never allow an untrusted or unfamiliar person have access to your private Wi-Fi network. If you want to offer visitors or guests wireless Internet access, make sure that such access is segregated from your company’s main network so they can’t possibly get into your computers and files, and eavesdrop on your traffic.
Consider purchasing a separate Internet connection for guests and setting up an additional wireless router or APs. Some wireless routers, such as D-Link’s Xtreme N Gigabit Router (DIR-655), offer guest access on another SSID, or network name, that’s separate from your private network and requires only a single Internet connection. To see if your router offers this option, check the user manual or log in to the router's Web-based control panel by typing its IP address into a browser and look for a guest feature. Additionally, most business-class APs offer the same functionality by creating Virtual LANs (VLANs) and multiple SSIDs.
When configuring guest access, you could even enable separate encryption so you can still try to control who connects and uses your Internet access. With a wireless router, you should use the guest access settings--such as those shown in Figure 5--for this purpose.
5. Physically Secure Your Network Gear
Besides enabling encryption to secure your private wireless network, you need to think about the physical security of your network. Make sure that your wireless router or APs are all secured from visitors. An intruder could easily plug into the network if it’s in reach or reset it to factory defaults to clear the security. To prevent this, you could, for instance, mount the hardware high on walls or above a false ceiling. Also, if your office has ethernet network ports on the walls, make sure that they aren’t within the reach of visitors, or disconnect them from the network. If you have a larger network with a wiring closet, make sure it says locked and secure.
6. Secure Your Wi-Fi Outside the Office With VPN
You also need to secure your Wi-Fi connections when on other untrusted networks, such as public hotspots. You can use a virtual private network (VPN) connection, which secures all your Internet traffic by redirecting it to the VPN server via an encrypted tunnel. This ensures that if local eavesdroppers are hanging around a Wi-Fi hotspot, they won’t see your real Internet traffic and can’t capture your passwords or hijack any accounts.
If your employer or organization offers VPN access, you can use it to secure your Wi-Fi and also to remotely access the network. But if such a VPN isn't available, consider hosted services. Many free ones are designed for Wi-Fi security--Hotspot Shield, for example. However, for better reliability and better speeds, you might consider a paid service, such as Comodo TrustConnect.
7. Ensure Websites Are Encrypted Outside the Office
If you don’t use a VPN connection to secure all your traffic when out of the office, at least ensure that any websites you log in to are encrypted. Highly sensitive websites, such as banks, use encryption by default, but others, such as social networking sites and email providers, don’t always do so.
To ensure that a website is using encryption, access it via a Web browser and try to use SSL/HTTPS encryption. You can see if the site supports SSL encryption by adding the letter s to its address: https:// instead of http://. If it’s encrypted, you’ll also see some sort of notification in the browser about the security, such as a padlock or green-colored address bar. If you don’t see any notification or it shows an error, it may not be secure; you should therefore consider waiting to access the site until you’re on a private network at home or in the office.
If you check your email with a client program such as Microsoft Outlook, you should try enabling SSL encryption for your email server in your account settings (see Figure 6). However, many email providers don’t support encrypted connections via client programs. If that’s the case, check your email via the Web browser--using SSL/HTTPS--if possible.
8. Shop for Secure Wi-Fi Gear
When shopping for a Wi-Fi router or access points, keep security in mind. As mentioned, some consumer-level wireless routers, such as the D-Link Xtreme N Gigabit Router, offer a wireless guest feature, so you can keep visitors off your private network. And business-class routers and APs usually offer VLAN and multiple SSID support, which you can configure to do the same.
Additionally, some business-level routers offer integrated VPN servers. You can use VPN connections to secure your Wi-FI hotspot sessions, remotely access your network, or link muliple offices together. Some, such as the ZyXEL 802.11a/b/g/n Business Access Point, even have an embedded RADIUS server, so you can use the Enterprise mode of WPA2 security.
When shopping the big-box stores, you’ll find mostly consumer-level wireless routers. You can check the box for features, but I suggest investigating online before purchasing. Check the manufacturer’s site and read through the model’s product description pages to get a better idea of what features it supports.
When shopping online for consumer or business gear, some Web stores include a lengthy description, but again, check the manufacturer’s site for a full feature list.
Eric Geier is a freelance tech writer. Become a Twitter follower to keep up with his writings. He’s also the founder and owner of NoWiresSecurity, which helps businesses protect their Wi-Fi network with enterprise-class security (WPA2 with 802.1X).