Wireless network security: A how-to guide for SMBs



Similar documents
Simplifying Branch Office Security

Protecting Your Roaming Workforce With Cloud-Based Security

Simple Security Is Better Security

A Manager s Guide to Unified Threat Management and Next-Gen Firewalls

Protecting Your Data On The Network, Cloud And Virtual Servers

The Sophos Security Heartbeat:

Next Gen Firewall and UTM Buyers Guide

Five Tips to Reduce Risk From Modern Web Threats

Strengthen Microsoft Office 365 with Sophos Cloud and Reflexion

Comparative Performance and Resilience Test Results - UTM Appliances. Miercom tests comparing Sophos SG Series appliances against the competition

Sophos XG Firewall Licensing

Sizing Guideline. Sophos UTM SG Series Appliances. Sophos UTM 9.2 Sizing Guide for SG Series appliances

Sample Data Security Policies

Deciphering the Code: A Simple Guide to Encryption

Botnets: The dark side of cloud computing

Sophos SG Series Appliances

Building a Next-Gen Managed Security Practice

Sample Mobile Device Security Policy

Managing BitLocker With SafeGuard Enterprise

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

Sales Consultant I Engineer I Architect I Support Engineer I MSP. A Simple Overview to Training and Certification

Encryption Buyers Guide

Operating Instructions. Sophos Access Points

How To Secure Your Store Data With Fortinet

The Future of Network Security Sophos 2012 Network Security Survey

Top 10 Security Checklist for SOHO Wireless LANs

Seven Keys to Securing Your Growing Business

Two Great Ways to Protect Your Virtual Machines From Malware

Sophos UTM Software Appliance

IT Resource Management & Mobile Data Protection vs. User Empowerment

PCI Wireless Compliance with AirTight WIPS

Chapter 2 Configuring Your Wireless Network and Security Settings

The Cisco Mobility Express Solution

9 Simple steps to secure your Wi-Fi Network.

IT Resource Management vs. User Empowerment

Simplifying branch office security

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ ITMC TECH TIP ROB COONCE, MARCH 2008

Meru MobileFLEX Architecture

Your Company Data, Their Personal Device What Could Go Wrong?

Sophos UTM Support Services Guide

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

10 easy steps to secure your retail network

MaaS360 Mobile Service

Top 10 Security Checklist for SOHO Wireless LANs

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

Network protection and UTM Buyers Guide

SonicWALL Makes Wireless Networking Secure

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

Best Practices in Deploying a Secure Wireless Network

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Simple security is better security Or: How complexity became the biggest security threat

PCI v2.0 Compliance for Wireless LAN

CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot

Network Security Best Practices

Security Awareness. Wireless Network Security

Internet Quick Start Guide. Get the most out of your Midco internet service with these handy instructions.

Wireless (Select Models Only) User Guide

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Don t Let Wireless Detour Your PCI Compliance

DATA PROJECTOR XJ-A147/XJ-A247/XJ-A257 XJ-M146/XJ-M156 XJ-M246/XJ-M256. XJ-A Series. XJ-M Series. Network Function Guide

CISCO SMB CLASS MOBILITY AND WIRELESS SOLUTIONS: THE RESPONSIVE WORKFORCE

Meru MobileFLEX Architecture

The Attacker s Target: The Small Business

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Wireless Ethernet LAN (WLAN) General a/802.11b/802.11g FAQ

Deploying a Secure Wireless VoIP Solution in Healthcare

Clean VPN Approach to Secure Remote Access for the SMB

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

Complex solutions aren t solutions. We make security for the real world for the pragmatic enterprise. Simple security is better security.

WHITE PAPER. WEP Cloaking for Legacy Encryption Protection

Advanced Persistent Threats: Detection, Protection and Prevention

Citrix GoToAssist Service Desk Security

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

Go Wireless. Open up new possibilities for work and play

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access

Úvod k Cisco wireless riešeniam a Cisco Small Bussines Wireless (Linksys)

Meraki Wireless Solution Comparison

Security in Wireless Local Area Network

Mobility Challenge. Challenge #1: User Experience:

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment Adaptive Network Security...

How To Protect A Wireless Lan From A Rogue Access Point

Buyers Guide to Web Protection

Best Practices for DanPac Express Cyber Security

Cloud-Based, Distributed WiFi Management. Effortless and Affordable

Protecting the Extended Enterprise Network Security Strategies and Solutions from ProCurve Networking

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

Chapter 3 Safeguarding Your Network

SwannEye HD Security Camera Wi-Fi Connections Quick Setup Guide. Welcome! Lets get started.

Mobile Madness or BYOD Security?

Table of Contents SECURING THE WIRELESS NETWORK GUIDE 2

WI-FI VS. BLUETOOTH TWO OUTSTANDING RADIO TECHNOLOGIES FOR DEDICATED PAYMENT APPLICATION

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

How To Manage A Mobile Device Management (Mdm) Solution

Transcription:

Wireless network security: A how-to guide for SMBs

Wireless network security: A how-to guide for SMBs WiFi networks are a requirement for doing business today. Employees rely on them to have constant access to their business applications to check customer data, process transactions, etc. Customers expect WiFi access for the convenience of using their mobile devices anywhere, any time whether they are waiting for car repairs, shopping in a second-hand store or enjoying a meal at a bistro. Unfortunately, research shows that small- and medium-business (SMB) WiFi networks represent a security risk. In a study dubbed Project Warbike, Sophos took one man, a bike, computer, GPS, two dynamos and some solar panels to the streets of London (and many other cities around the globe) to determine how many wireless networks were unsecured. Of the nearly 107,000 wireless networks surveyed, 27% had poor, or no, security. The highest density of poorly secured networks occurred along streets with a high number of small businesses. Setting up an SMB WiFi network is deceptively simple. Install a consumer-grade access point and voilà! everyone has network access. However, business WiFi networks are more complex than home WiFi networks. Business networks must support visitors and contractors as well as employees all of whom need varying levels of access. Businesses also need to enable employees to access the WiFi network with their personal devices. Without proper access controls anybody and everybody can connect to the network, putting sensitive data at risk. SMBs must have the ability to secure and manage their networks. The problem and risks As evidenced by Project Warbike, SMBs are neglecting WiFi security basics. Enabling strong encryption has long been a WiFi security best practice to prevent eavesdroppers from sniffing wireless traffic. But of the nearly 40% of networks using poor or weak encryption, half were using obsolete wired equivalent privacy (WEP) encryption which can be broken in seconds. The other half wasn t using any encryption at all. Changing the network s default public name (or service set identifier, SSID) is also a WiFi security best practice. But of all the wireless networks identified during Project Warbike, 9% were using default network names with no random element, while another 12% were using the default name with some random element per device (e.g., Default-165496). 1 WiFi management challenges are further putting SMB WiFi networks at risk. Consumer access points are insufficient for small business needs. They have to be set up individually and often offer limited or no support for business requirements, such as virtual private networking. Businesses also risk data loss by not managing guest access. Enterprise solutions, on the other hand, are often too resource intensive. They can put undue strain on costs and staff time. In addition, many IT managers in smaller business are all-round talents, who don t necessarily have the skills to manage an enterprise wireless solution. To further complicate matters, SMBs must understand the implications of an ever-evolving technology. The newest WiFi standard was approved in January 2014. 802.11ac supports singlelink and multi-station enhancements. A throughput of at least 500 megabits per second (Mbit/s) is expected for a single link WLAN, and at least 1 gigabit per second is expected for a multi-station WLAN. These enhancements enable the simultaneous streaming of HD video to multiple clients, rapid synchronization and the backup of large data files. 802.11ac access points and routers also include a USB 3.0 interface. 1 These figures exclude default names of obviously identifiable, intentionally open hotspots such as those in hotels and cafes. 1

Security requirements for small business WiFi networks The good news is that WiFi network security doesn t have to be difficult. SMBs can easily improve their security posture starting with these five basic security principles: 1. Choose WPA2 encryption When configuring the wireless network, select encryption using WPA2, the latest security algorithm. Attackers can break older security options like WEP with something as simple as a browser add-on or mobile phone application. 2. Create longer passwords with special characters With code-cracking software an attacker can unlock a weak password in seconds. Create passwords that are longer than 10 characters and include special characters, numbers, and both upper- and lower-case letters. 3. Rename default SSIDs Because WPA2 encryption includes the SSID as part of the password, hackers enter common SSIDs to crack passwords more easily. 4. Don t include business information in SSIDs SSIDs should not identify your business or location. This helps prevent hackers from knowing that the network is worth trying to compromise. 5. Tune the range of the radio Modern access points have multiple antennas and transmit power to help users access the network from farther away. Reducing the power of the radio controls how far from your location someone can pick up the signal, making it more difficult to compromise the network. Beyond these WiFi security basics, SMBs need to implement business-grade security measures such as controlled guest access. Often, customers, suppliers and other office visitors are given IDs and passwords that provide perpetual access to internal networks. Stories abound of contractors whose passwords remained valid for weeks or months after they moved on to other employers. Access should be limited in time and to specific resources on the network. SMBs also need to simplify how they manage multiple access points in central offices. Deploying and managing wireless access points can be time consuming. Complex administration raises staffing costs and increases the likelihood of accidental misconfigurations that cause security vulnerabilities. Similarly, SMBs must address how they manage access points in remote offices. Providing technical support to remote and branch offices can be a challenge. Constant travel is rarely an option, and it is difficult to work through remote personnel, particularly if no local IT staff is available. Administrators need to find tools that allow them to deploy, monitor and update remote access points from a central console. Finally, wireless traffic should be integrated into the network security infrastructure. Cybercriminals are increasingly targeting wireless traffic as an avenue to penetrate corporate LANs. To prevent wireless traffic from becoming a major threat vector, SMBs should ensure that wireless traffic flows through the full network security infrastructure so it can be scanned for malware. Probes and attacks can also be detected. 2

Getting from here to there Securing an SMB WiFi network goes far beyond configuring SSIDs and passwords. Admins need to manage the basics in multiple locations efficiently and reliably. They must be able to tailor access to different employee and guest use cases. They need to ensure that WiFi traffic is scanned and secured just as efficiently as wired LAN traffic. Because cost is always a factor, SMBs must be able to accomplish all of this without additional staff or training. That requires simplicity, which is achieved through equipment consolidation and integration. Only a professional solution can provide the business-level WiFi security that SMBs need. Business WiFi solutions offer a number of options for different deployment scenarios. Access points can be placed on a desktop, or wall- or ceiling-mounted, depending on what coverage is required and how the office space is set up. There are even options that are suitable for outdoor use to provide coverage for loading bays and similar areas, which may be more exposed. Alternatively, firewall or UTM appliances with a built in access point can either provide an allin-one solution or be extended using external access points. When evaluating a WiFi security solution, Forrester Research advises using the five S s : 2 Buying IT solutions based on the fastest access point (AP) or the cheapest 802.11ac AP is dead. However, looking for wireless solutions for a particular business can be daunting due to a dizzying array of architectures and marketing buzz. Forrester recommends that you look for the following in a solution: scalable, shared, simplified, standardized, and secure. 1.1 Evaluate Wireless LANs Using Five Simple Architectural Characteristics Business Wireless Edge Scalable Shared Simplified Standardized Secure Vendor Terminology Flexible/ resilient Unified/open/ programmable Automated Unified/open/ programmable Secured I&O Technical Needs Support a variety of connection environments, conditions, devices, apps, and users with a multitude of software, hardware, and protocol options Linear cost model and architecture Built for multi-tenancy with differentiated user and services Shared resources with business professionals, other teams, and systems Managed a single system Simple and intuitive interfaces Self-forming Wizards and templates for apps and business elements Standard interfaces Orchestration integration Standard processes and procedures for mobile users and administrators Integrated network and application controls, overlaid identity and data Managed as a workflow, not a single technology 115916 Source: The Forrester Wave : Wireless Local Area Network Solutions, Q3 Forrester Research, Inc. Unauthorized reproduction or distribution prohibited. 2 The Forrester Wave : Wireless Local Area Network Solutions, Q3 2014, Forrester Research, Inc., August 29, 2014. 3

Introduction to Sophos Wireless Protection Sophos Wireless Protection, Sophos Access Points and Sophos SG Series appliances with integrated WiFi offer full wireless security while providing flexible access for employees and guests. As just one of the security solutions available as part of Sophos UTM, all management is through a single central console. The solution is fully scalable and can include Network, Web, Email, Web Server, Wireless and Endpoint Protection. Integration with Sophos Mobile Control provides network access control for mobile devices and integration with Sophos Endpoint, the full wealth of protection for devices both on and off the corporate network. Scalable Sophos offers a range of access points and appliances to provide wireless access for businesses of all sizes. Entry-level models offer a cost-effective solution for very small businesses whilst high-performance access points or even firewall appliances supporting 802.11ac offer the latest technology for the highest demands. A Sophos Remote Ethernet Device and a Sophos Access Point can economically provide a branch office wireless network and a full set of network security services. Shared A built-in wireless controller allows administrators to monitor and change security policies centrally for access points throughout the office or campus. These tasks can be handled by the same administrator who manages the security gateway appliance. No dedicated specialist or detailed training is needed. To ensure that no technical intervention is required, the front desk or other designated person can automatically receive vouchers or codes to distribute to provide guest access for hotspots at any time. Simplified Sophos Wireless Protection simplifies WiFi security management through plug-and-play deployment. When new wireless access points are turned on, they appear automatically on the central console. They can be configured and placed into operation in minutes. Sophos also scales to enable the management of WLANs in remote offices. Travel and local IT support are not needed, because all security and wireless networking features can be managed remotely from the central office. Standardized Integration with Sophos appliances also makes available a number of next-generation firewall capabilities for wireless traffic. For example, bandwidth and quality-of-service controls can be implemented to give priority to business-critical applications and throttle the bandwidth allocated to low-priority activities. Using the firewall appliance, authentication provided by backend systems, such as Active Directory, can be used to provide simpler access. Secure Another advantage of Sophos Wireless Protection is that all wireless traffic flows in both directions through the firewall appliance. The local area network is protected by an advanced firewall, a configurable intrusion-prevention system, as well as antivirus and antispam engines. Administrators and security personnel can monitor security events and react quickly to suspicious patterns. Wireless devices receive the same level of security as if they were physically connected to the LAN. 4

Sophos WiFi Learn more at www.sophos.com/wireless United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131 Email: sales@sophos.com North American Sales Toll Free: 1-866-866-2802 Email: nasales@sophos.com Australia and New Zealand Sales Tel: +61 2 9409 9100 Email: sales@sophos.com.au Asia Sales Tel: +65 62244168 Email: salesasia@sophos.com Oxford, UK Boston, USA Copyright 2014. Sophos Ltd. All rights reserved. Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 11.14.wpna.simple

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information