In our podcast Wireless Security: Identifying Risks and Hardening Your Network, we talked about a number of strategies to help increase network security. This list covers the strategies we discussed and should help guide you through your options when securing your network.
1.) Guest vs. Corporate Access
Guest networks, by their very nature, are not secure. So, always treat networks for guest access as an untrusted network. Separating clients on your guest network and isolating them so one user can’t access another’s traffic is a good idea, too, when it’s possible.
Using unique passwords on each network is important, too–don’t reuse the password from the guest network on other networks. And always, always change the default wifi password to one that is unique and secure.
2.) Identify Users
Knowing who your users are makes it easier to address issues as they arise. To help with this, you’ll want to tie network authentication and activity to the user.
Using a VPN provides additional security to critical areas by requiring users to provide another layer of identity authentication.
3.) Offensive Testing
Any time you have a critical or sensitive area that has to be connected to a wireless network, you want to make sure you’re doing offensive testing on it regularly.
Add the guest network to the scope for your next pentest, and use this to confirm that your guest network is properly segmented. Add the employee network to the same scope and test what a user is able to access via wireless and make sure that it’s what you expect.
Pentests are also a great way to test the effectiveness of your security controls and incident response procedures around wireless networks.
4.) Alerting and Monitoring
Monitoring and alerting allows you to detect issues and monitor user behavior–and allows you to not only troubleshoot problems, but also isolate issues.
With adequate monitoring of wireless networking infrastructure, you can analyze:
- Wireless authentication logs
- Wifi router access logs
- Connected device names
- MAC Addresses
- And more!
5.) IoT Networks
Keeping your IoT devices–including smart doorbells, assistants, and appliances–on their own network prevents attackers from pivoting to more sensitive areas.
These devices often lack in-depth security controls and frequently may be usable without any authentication as long as an attacker has network access–so you don’t want your IoT devices on your guest network, either!
6.) Policies and Training
Create guidelines on how your users should–and shouldn’t–be using the network. These policies should be published where employees can access them and new employees should be informed of the policies upon starting at the company.
Regular cybersecurity training for your employees is important. In addition to topics such as phishing and malware, you’ll also want to include information about wireless security.
Keep In Mind
Keeping your networks secure is an important step toward building a strong security posture. Interested in learning more about pentesting or managed security services? Contact us! We’re here to help.