As no cables are needed, the technology offers convenience and freedom, but also harbors a risk to the business. An inadequately protected wireless network could be exploited by hackers, or the data exchanged on the network could be accessed by unauthorized parties. Encrypting critical company data and securely authenticating users and clients are therefore top priorities when it comes to company Wi-Fi.
Whether it’s logistics staff moving around warehouses with portable data scanners, production facilities that transmit their statuses to central control units using wireless signals, or project managers who can be deployed flexibly within the company thanks to their laptops, freedom from cable-based networks has become the norm since the introduction of company-wide wireless local area networks (WLAN/Wi-Fi) in the mobile era. These networks are not necessarily connected to the Internet, but may simply facilitate communication within the company. The same thing applies, however, for every single one of these wireless networks: security precautions tested by the IT department have to be implemented to safeguard the networks themselves, and communication by individual users and Wi-Fi-enabled devices (Wi-Fi clients) has to be encrypted. Only then is the Wi-Fi network protected against unauthorized access and only then is it impossible for third parties to view and corrupt critical company data.
Encryption and Authentication
The first step toward secure Wi-Fi is data encryption. The data is encoded using an electronic key and can only be decoded using a matching electronic key. WPA2 (Wi-Fi Protected Access 2) is classed as state of the art for encryption. The second step is authentication: here, the user and a wireless access point (WAP) authenticate each other in order to gain authorized access.
One of the most common Wi-Fi security systems is based on a “pre-shared key,” i.e. a password that is as cryptic as possible and that comprises a random sequence of letters, numbers and special characters. The wireless access point grants Wi-Fi access to any person or device that enters the correct password. As a single shared key is employed for all users, however, the wireless network is more vulnerable.
Authentication for Maximum Security
Whenever a Wi-Fi network is used commercially, the encryption therefore has to go a decisive stage further. Here, the “Extensible Authentication Protocol Microsoft Challenge Authentication Protocol version 2 (or “EAP-MSCHAP v2” for short) is one of the protocols that is often used. Here, each Wi-Fi client is given its own log-in data. The server features a certificate to ensure that only authorized access points are used to gain wireless access. Each client uses its own log-in data for authentication.
EAP-TLS is an alternative standard to EAP-MSCHAP v2 that uses client certificates to authenticate users and encrypt data. When compared with simple user data, the use of certificates offers advanced security: as the certificates are regularly checked and updated by IT professionals, the company’s in-house Wi-Fi network benefits from the highest level of security that is currently available.
Encryption and authentication within a Wi-Fi network not only means initial expense when setting up the network, but it is also important to keep all encryption/authentication measures, such as the certificates, up to date. Furthermore, reliable processes have to be implemented to ensure the integration of new devices and new users without compromising security. With the correct setup, wireless networks and their protective features can be scaled in such a way that even extremely large company Wi-Fi systems can be kept safe from unauthorized access at all times.
Would you like to know how to set up your company’s Wi-Fi in a secure manner and protect it effectively in the long term? Find more information here.