A wireless network can help your employees stay productive as they move around your company. But to take advantage of the benefits of wireless networking, you need to be sure that your network is safe from hackers and unauthorized users.
Every device in a wireless network is important to security. Because a wireless LAN (WLAN) is a mobile network, you need a thorough, multilayered approach to safeguard traffic.
Cisco recommends a five-step approach for reducing risks to your wireless network:
Create a Wireless Security Policy
To protect a wired network, most companies start by developing a written security policy. This policy specifies who can use the network, and how. You can use the same approach to protect your wireless network.
Many templates already exist to show what a security policy should cover. A typical security policy will include:
- Acceptable use policy, to specify what types of network activities are allowed and which ones are prohibited
- E-mail and communications activities, to help minimize problems from e-mails and attachments
- Antivirus policy, to help protect the network against threats like viruses, worms, and Trojan horses
- Identity policy, to help safeguard the network from unauthorized users
- Password policy, to help employees select strong passwords and protect them
- Encryption policy, to provide guidance on using encryption technology to protect network data
- Remote access policy, to help employees safely access the network when working outside the office
Secure the WLAN
Protecting a WLAN is not difficult. New technology and the Cisco wireless security features make it easier than ever. Cisco uses a Self-Defending Network strategy to protect the WLAN:
- Secure communications: Encrypt data that travels on the network, and authenticate users to be sure you know who is using the WLAN. Cisco supports all industry-standard encryption and authentication methods for the broadest client device compatibility.
- Use strong encryption: As soon as you install your network, set up the strongest wireless encryption you can. Wired Equivalent Privacy (WEP) encryption is adequate, but WPA and WPA2 give you stronger options.
- Change the default network name: When you set up your network equipment, change the default name to make it more difficult for hackers to find. Do not choose your company name, company phone number, or other information about your company that is easy to guess or find on the Internet.
- Use VLANs or MAC address control lists combined with encryption to restrict user access.
- Implement Cisco secure guest access features to allow visitors to connect to the network or Internet while keeping your business network and resources separate and secure.
- Be sure that management ports are secured.
- Physically hide or secure access points to prevent tampering. In many buildings, Cisco access points can be installed in the plenum space above the ceiling, providing optimal coverage in a secure location.
- Use video surveillance cameras to monitor your office building and site for suspicious activity.
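The encryption, network-name and guest-access items above can be checked against an inventory of configured WLANs. The following Python sketch is an added example, not Cisco code. The inventory format, the finding labels, the list of default names, the "open" mode and the sample data are all assumptions made for illustration. The default minimum is WPA2, the strongest option named above.

```python
import re

# Strength order as the text gives it: WPA and WPA2 are stronger than WEP.
# "open" (no encryption) is added here as the weakest case (assumption).
ENCRYPTION_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}

# Constructed sample of factory-default network names (assumption).
DEFAULT_SSIDS = {"default", "wireless", "linksys", "netgear", "dlink"}


def normalize(text):
    """Lower-case and drop punctuation so 'Acme-Corp' matches 'acmecorp'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_wlans(wlans, company_terms, minimum="wpa2"):
    """Return (ssid, finding) pairs for every checklist item a WLAN fails."""
    findings = []
    terms = [t for t in map(normalize, company_terms) if t]
    # VLANs that carry business (non-guest) traffic.
    business_vlans = {w["vlan"] for w in wlans if not w.get("guest")}
    for w in wlans:
        ssid, enc = w["ssid"], w.get("encryption", "open").lower()
        if enc not in ENCRYPTION_RANK:
            findings.append((ssid, "unknown-encryption"))
        elif ENCRYPTION_RANK[enc] < ENCRYPTION_RANK[minimum]:
            findings.append((ssid, "weak-encryption"))
        if normalize(ssid) in DEFAULT_SSIDS:
            findings.append((ssid, "default-ssid"))
        # Company name or phone number embedded in the network name.
        if any(t in normalize(ssid) for t in terms):
            findings.append((ssid, "ssid-reveals-company"))
        # Guest access must stay separate from business resources.
        if w.get("guest") and w["vlan"] in business_vlans:
            findings.append((ssid, "guest-shares-business-vlan"))
    return findings


# Constructed inventory; names, VLAN ids and the company are made up.
SAMPLE_WLANS = [
    {"ssid": "linksys", "encryption": "WEP", "vlan": 10},
    {"ssid": "Acme-5550100", "encryption": "WPA2", "vlan": 10},
    {"ssid": "bluebird-guest", "encryption": "WPA2", "vlan": 10, "guest": True},
    {"ssid": "bluebird", "encryption": "WPA2", "vlan": 20},
    {"ssid": "bluebird-visitors", "encryption": "WPA2", "vlan": 90, "guest": True},
]
SAMPLE_TERMS = ["Acme Corp", "Acme", "555-0100"]

if __name__ == "__main__":
    for ssid, finding in audit_wlans(SAMPLE_WLANS, SAMPLE_TERMS):
        print(f"{ssid}: {finding}")
```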
Protect Your Wired Network from Wireless Threats
- Install wireless intrusion prevention system (IPS) devices to prevent unauthorized, "rogue" access points and other wireless threats, even if you do not have a WLAN. The Cisco Unified Wireless Network is designed to monitor for and prevent these threats.
Protect Your Company from Outside Threats
- Protect wireless devices with the same security you use for the company network, such as firewalls, VPNs, and antivirus software. The Cisco ASA 5500 Series Adaptive Security Appliance is an all-in-one device that can help safeguard your network with a firewall, secure VPN, protection of voice and video traffic, and more.
- Use the Cisco Clean Access network admission control (Cisco NAC) appliance to make sure any device using the network meets your security standards.
Figures 1 and 2 illustrate the architectures of the Cisco NAC Appliance and Cisco NAC Framework.
Figure 1. Cisco NAC appliance architecture for Cisco Unified Wireless Network
Figure 2. Cisco NAC framework architecture for Cisco Unified Wireless Network
Get Employees Involved
Your employees can be your most valuable asset in protecting the network. Without education on the need for this protection, most employees are simply not aware of the risks. For example, most people do not realize that the simple act of plugging an unsecured access point into an Ethernet jack endangers corporate network security. Get your employees involved in protecting the network. Informational posters and training about security, passwords, and privacy can help you keep your critical business communications secure.