Why secure WiFi? Resulting from the IT network’s move from wired ethernet connections to WiFi, many IT admins and MSPs have been uneasy about security. The tradeoff between security and convenience has been no more apparent than in this shift from wired to WiFi network connections. WiFi presents IT admins with a great deal of convenience, but it does come with some baggage. Consistent, practical fears over WiFi security still exist within the minds of IT admins, tainting the convenience factor. Because of those concerns, this article will discuss answers to the question of “why secure WiFi” while also providing workable advice on how to do it.
Security via Physicality
An inherent benefit of wired networks is physical security. Generally speaking, users on a given network had to be both inside the building and have the equipment required to connect to a wired network drop. Of course, physical security wasn’t fail safe, but it did make the need to have port-level security far less important. At most organizations, an attacker could connect to a wired port and gain the ability to see the network, though they couldn’t necessarily authenticate to any services. For some hackers, that was good enough, and they were able to compromise an organization. But unless attackers were physically located within proximity of a wired access point, the perception was that the network was relatively secure.
Challenges Presented by WiFi
As a result of the move from wired to wireless connections, it is easy to see that the concept of physical security went away. Now, a hacker didn’t need to connect to a network drop, s/he could simply sit on the other side of a wall and easily pick up the WiFi signal. Couple this security dilemma with the fact that the security mechanisms employed to protect networks are largely based on shared SSID and passphrases, a hacker could just as easily stroll into an office, sit in the lobby, and learn the WiFi passcode.
Once on the WiFi network, similar to a wired network, an attacker could see all the resources connected to the network and (Read more...)