Wi-Fi Exposed: Six ways to build a secure wireless network

Posted by Susan Sison on Jan 27, 2016 1:30:50 PM

Businesses depend on secure wireless access to ensure effectiveness in a fast-paced world. Unfortunately, wireless connectivity presents a whole world of new security challenges. You can’t afford to pass up the immense power and flexibility of the mobile Web, but it’s crucial to take every step possible to protect your business data.


Let’s look at six key ways to ensure secure wireless access in your growing network:

1: Manage BYOD

In the era of “Bring Your Own Device,” manually developing policies for every type of device your workforce might use to access the network is harder than ever. Although endpoint validation, discussed below, can streamline BYOD security, the most important mobile device management steps are taken at the policy level. Ensure all users understand basic principles of security and how to protect devices that might be used while traveling or in public places.

2: Strong Authentication

Strong authentication goes beyond the fallible “knowledge factor” – the old-fashioned idea that knowing a single secret piece of information is sufficient to secure vulnerable assets. In true strong authentication, at least two independent factors are used to verify user credentials so an account cannot be compromised without both. For example, many implementations of “2FA” use a password as well as a one-time code sent to the user’s phone.

3: Endpoint Validation or Host Checking

Endpoint security requires that all network endpoints – such as laptops, phones, and tablets – be in compliance with security standards before access is granted. Software like ClearPass can verify connecting devices have active, up-to-date antivirus protection and firewall software, developing security profiles for each device type. Devices that don’t conform to security best practices should be excluded from network access until their problems can be resolved.

4: Web Content Filtering

Sometimes, the worst security mishaps are the ones users bring on themselves. A captive portal can help ensure users are properly credentialed before accessing resources – but for true threat protection from social engineering and more, content filtering is essential. Denying access to non-essential websites can strengthen users against phishing and other threats while improving convenience for authorized users.

5: Group-Based Access Control

If you allow guest access, a dedicated guest network – outside your system’s “secure zone” – can enhance security, ensuring guests can’t attempt a brute force attack against your internal network. In a more general sense, group-based access control focuses on authorizing each network activity on the basis of strictly-defined roles. This can be combined with the “Principle of Least Privilege” – the idea each user should have only the level of access essential to their duties.

6: Empower Users Securely

Seamless wireless access means using a cloud implementation that can securely extend key assets to stakeholders anywhere on Earth. Your cloud network should benefit from a highly redundant “cloud controller” architecture with sufficient failover so technical problems in any individual node won’t bring down your network. At the same time, it’s important to use high-level encryption to prevent “man in the middle” attacks and secure your sensitive data.

NCA Makes Secure Wireless Easier Than Ever

When it comes to your business, secure wireless can make a big difference. Even a small data breach could cost millions of dollars, poison your relationships with your customers and investors, and even expose you to compliance woes. NCA has the expertise you need to ensure every aspect of your wireless network is fully protected. With years of experience, we can evaluate your needs, harden your network, and simplify your network operations.

Network Computing Architects, Inc. is a premier provider of high quality sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.

NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.