Posts

The enterprise-level Wi-Fi security primer

/in /by

Using Wi-Fi has become almost as natural as breathing.

From a business standpoint, some might say it’s critical. We’re online all of the time, every day and everywhere. We rarely consider how we are connected. All that matters is that we have a way to log in.

Wi-Fi has had a profound impact on organizations and employees. It enables users to communicate and collaborate which in turn enhances productivity, agility and ultimately, profitability. It creates opportunity, increases morale and reduces costs.

But despite being so convenient and flexible, best practices for enterprise Wi-Fi security aren’t always followed.

One of the biggest exploits to affect Wi-Fi security was widely publicized last year. Dubbed with the name KRACK, this vulnerability allowed attackers to bypass Wi-Fi security and steal sensitive data, including credit card details, passwords, emails, photos, chat messages, and the list goes on.

The vulnerabilities are real and robust Wi-Fi security is a necessity.

In a world where new cyberthreats and security exploits are unleashed on a daily basis, it’s more important than ever to stay on top of enterprise Wi-Fi security. In doing so, you can ensure your infrastructure and data is protected without compromising seamless access or enhanced productivity.

Identifying the vulnerabilities

The threats awaiting an unprotected WLAN are many.

Passive eavesdroppers can gather sensitive data, intruders can steal bandwidth and wireless traffic can be recorded easily. Even low-level attackers can launch a packet flood that disrupts your network.

If you don’t know what you are securing your Wi-Fi network against, you might as well be taking shots in the dark.

Before a WLAN can be sufficiently planned, deployed and secured, it is essential that all business assets are identified in order to protect them from the impact of theft, damage or loss. At the same time, you should determine who needs access to what and when so that you can define access policies.

WPA2-Enterprise: the recommended industry standard

When it comes to encryption and authentication, you have an increasing number of options available. The method you choose will largely depend on the level of risk that deploying a WLAN opens up and the size of your enterprise. However, the preferred and recommended standard for most organizations is Wi-Fi Protected Access 2 Enterprise (WPA2-Enterprise).

WPA2-Enterprise was first introduced in 2004 and delivers robust security and over-the-air encryption. Authentication is handled by a RADIUS server which authenticates each device before it connects. Once authenticated and connected, a personal tunnel is created between the network and the device, creating a secure connection over which all data is encrypted.

Another point to note is that WPA3 has recently been launched by the Wi-Fi Alliance. While it won’t hit the mainstream immediately, this new standard will provide strengthened user security through individualized data encryption and is certainly one to watch for the future.

Provide a better user experience for everybody

Wi-Fi is designed to allow users to connect and roam, but not at the expense of your network security.

In a business environment that is no longer restricted to trusted corporate users, you also need to secure your network for the BYOD and IoT era. Any device that can connect to your WLAN is a potential threat, whether it’s a client you have known for years or an IoT sensor streaming data in real-time.

In order to provide a positive and secure Wi-Fi experience for everybody, you must define context-based access policies that limit access by user or device. Even better, implement a guest Wi-Fi network that’s separate from your main WLAN and which will segment all guest traffic and isolate it away from your enterprise data.

Good housekeeping and points to note

Network administrators and IT security professionals should also consider these additional housekeeping tips to further secure and manage their enterprise Wi-Fi networks.

  • Deploy a wireless intrusion prevention system (WIPS) and wireless intrusion detection system (WIDS) on every wireless network.
  • Many best practice guides will tell you to change the SSID for your wireless network. It’s important to remember that the SSID is a network name and not a password. There are no security benefits of changing it, but if you need to distinguish your network name from others in the vicinity, changing it can make it more easily identifiable.
  • Ensure all equipment meets Federal Information Processing Standards (FIPS) 140-2 compliance for encryption.
  • Consider centralized WLAN management in the cloud that allows you to configure all access points, manage access policies and analyze network traffic.

Final thoughts on Wi-Fi security

Just like any segment of your network, wireless networks require robust security in order to protect data and systems, while still offering unfettered access to authorized users.

By identifying your vulnerabilities, using recommended encryption and authentication technologies and controlling access to your WLAN, you can ensure that you reap all the business value that Wi-Fi has to offer.

How schools can upgrade their online infrastructure

/0 Comments/in , , , , , , , , /by

Nothing is perhaps more important to the U.S.'s future than maximizing the potential of education. It is through mass schooling that children learn the essential social and learning skills that will prepare them for adult life and professional work. While education is a complex process with many different factors affecting outcomes, access to technology clearly plays a role in children's learning.

It is unfortunate then to learn that 6.5 million students in the U.S. still lack broadband, according to Education Superhighway. Broadband is an essential communication medium for educational facilities with large student and teacher populations, as it allows for messages and online actions to be completed simultaneously.

However, broadband is only one crucial aspect of improving online infrastructure in schools and other educational facilities. Further complicating the matter are tight budgets that many of these institutions must operate within. As the Center on Budget and Policy Priorities reported, state and local funding is still recovering and is well below what it was in 2008.

With this in mind, schools may have to focus on the most essential upgrades first, spreading out the investments in a way that maximizes learning potential.

The advantages of a fiber connection
Sites like Education Superhighway are big on the advent of fiber in the classroom. According to Techno FAQ, one of fiber's biggest advantages is its reliability. Fiber functions on symmetrical connections, allowing downloads and uploads to happen at the same time without impacting connection speed. The system also tends to be more passive and separated from power lines, meaning that it will likely remain operational during a storm.

Time is precious in schools and fiber is designed for high-speed connections, typically over 1Gbps. This allows educators to stream video content in seconds, without having to pause constantly for buffering videos.

A fiber connection allows for high bandwidth and enables faster broadband. A fiber connection allows for high bandwidth and enables faster broadband.

Planning for increased bandwidth usage
Think of bandwidth like a highway: the more lanes there are, the more easily traffic can flow. In a school situation, every student and teacher is a car on that highway – meaning that things will slow down very quickly with only a couple of lanes. Without proper bandwidth, hardware investments will not work the way they should. Even the most up-to-date tablet cannot magically conjure efficient internet connection on its own. 

Bandwidth management can keep everything flowing smoothly. While schools can (and should, up to a point) purchase more bandwidth, management will help reduce the amount of spending while maximizing efficiency. Techsoup for Libraries recommended bandwidth management to help prioritize which programs get access to the connection speed first.

For instance, a student wrongly downloading a new mobile game should never receive the same bandwidth as a teacher trying to stream a news program for a class. Student devices can even be put on a separate, slower network, freeing up room for the educators to use on lessons.

While schools can have their own servers – many universities do – a cloud services provider can help alleviate this investment. Just be sure that any contracted third party has the proper security certification to be a trusted partner.

"Wearable technology like smartwatches are starting to enter the educational space."

Factoring in IoT and BYOD
Whatever the plan, make sure spending accounts for more than just the computers in the classroom. Everyone, student and teacher, has a smartphone. Numerous other wearable technology like smartwatches and similar products are also starting to enter the educational space. As the internet of things continues to grow, each one of these devices could sap bandwidth away from where it is needed.

This represents a cybersecurity issue, especially as most faculty and students are bringing their own devices. School online infrastructure should carry a layered password system to ensure that access is restricted to authorized users. In addition, the principle of least privilege should be applied.

This will ensure that students on have as many permissions as they need, keeping them away from confidential teacher data. Ideally, the IT team will have oversight and the only administrator privileges on the network. This way if there is a breach, the potential damage will be contained.

Remote monitoring programs are useful tools for school systems that cannot afford to keep a dedicated IT staff in every building. While this software is convenient, schools should be wary of investing in any solution without doing the proper research. A report from Schneider Electric analyzed a possible danger in certain solutions as, if compromised, they provide an open window for cyber criminals to inflict damage.

Students can be placed on a separate network, freeing up bandwidth and reduces the likelihood of a school data breach. Students can be placed on a separate network, freeing up bandwidth and reduces the likelihood of a school data breach.

Preparing for 5G
Any education institution investing in wireless internet infrastructure needs to consider 5G. While not readily available now, 5G has already begun limited rollout and is expected to start becoming widespread in 2020, according to IEEE 5G. This will serve as not only the next telecommunication standard but will also empower higher capacity, massive machine communications.

Essentially, the bandwidth concerns of today may be outdated and a whole new set of possibilities and problems will open up. While it is still too soon to definitively say with certainty what kind of wireless internet infrastructure 5G will bring, schools that need to design systems between now and 2020 should incorporate easy scalability into the infrastructure. It makes no sense to optimize exclusively for platforms that may soon be obsolete.

As schools and other education establishments begin improving online infrastructure, a solid IT solutions provider can help smooth the transition and reduce cost spending. ISG Technology stands ready to do its part in ensuring that the U.S. education system empowers the most complete learning experience in the world. Contact us today to learn how we can help update your infrastructure.