4 ways to create a secure wireless network

It isn’t hard to set up security for the wireless router in your basement: change the SSID, pick a strong password and perhaps install VPN software for remote access. But securing wireless networks in a business environment is much more demanding.

Dental offices must:

Related article: Are you vulnerable to exploits?

• Provide the basics - secure wireless access points and protect remote and mobile employees;

• Provide controlled access for guests and contractors;

• Deploy and manage multiple wireless access points in the office;

• Integrate wireless traffic into the practice’s core network security infrastructure.

1. The basics

Certain security practices are essential for wireless networks of all types. These include:

• Strong encryption. Preferably a WPA2. An eavesdropper can pick up wireless signals from the street or a parking lot and break older security algorithms like WEP in minutes using tools readily available on the web.

• Complex passwords. Cybercriminals can use cloud computing resources to test millions of passwords in minutes, so wireless passwords should be 10 characters or longer and include numbers and special characters.

• Unique SSIDs. SSIDs are part of the password used for WPA2 encryption. Hackers use “rainbow tables” to test common SSIDs, so administrators should pick unique network names (but not ones that identify their organization).

• VPNs for remote access. Virtual private networks are essential to protect communication from mobile employees (who can put a VPN client on their devices) and remote offices (which can use economical, point-to-point VPN connections).

Employee education and published policies. Employees need to be educated on secure networking practices. In companies with bring-your-own-device (BYOD) policies, this includes acceptable uses of personal devices for company business. Practices that publish policies and systematize training not only improve security but also enhance their compliance posture by showing auditors that they’re taking action to protect confidential information.

2. Provide controlled access for guests

Uncontrolled access to wireless networks is a common security issue. Often, patients, suppliers and other office visitors are given IDs and passwords that provide perpetual access to internal networks. Stories abound of temporary staff whose passwords remained valid for weeks or months after they moved on to other employers.

Some organizations address this problem by providing a separate guest network with limited access to core IT systems. This approach addresses the issue of transient guests, but it’s expensive and not always useful for temps and long-term guests. Another approach is to find tools that restrict guest access to appropriate periods of time and place limits on their activities.

3. Manage multiple access points in central offices

Deploying and managing wireless access points can be time-consuming. Large offices may require many access points to cover all office areas, conference rooms and meeting spaces used by employees. Multiple wireless networks for different groups and for guests can add to the work.

Related article: 6 myths about data encryption

Not only does complex administration raise staffing costs, but it also increases the likelihood of accidental misconfigurations that cause security vulnerabilities.

Dental offices need to find tools that simplify tasks such as deploying new access points, checking on the status and settings of these devices, and changing parameters. A best-case scenario is to find tools that don’t require specialized knowledge or a long learning curve, so the work can be done by network administrators rather than wireless networking specialists.

4. Integrate wireless traffic into the network security infrastructure

Cybercriminals are increasingly targeting wireless traffic as an avenue to penetrate enterprise networks. They’re exploiting:

• More opportunities to find weak points because of the growing number of remote and mobile workers.

• Home computers and mobile devices that lack the endpoint protection tools found on workstations that reside in company offices.

• BYOD policies that limit the control that companies have over the selection and configuration of mobile devices (a trend amplified by the increasing number of organizations with bring-your-own-computer policies).

To prevent wireless traffic from becoming a major threat vector, practices should ensure that wireless traffic flows through the full network security infrastructure so that it can be scanned for malware. Probes and attacks can also be detected.

Related article: Protecting your practice from botnets

Ideally, the connection should be two-way, so traffic that goes out through the wireless network must first pass through the core security infrastructure. This allows URL and content filtering tools to prevent employees from visiting websites that contain malware or are related to phishing and social engineering attacks. It may also help detect data being exfiltrated as part of an advanced persistent threat.

There’s nothing wrong with having wireless networks in your practice - just make sure you have them properly configured and secure.