Securing your wireless network is a crucial step in securing your overall Windows environment. Allowing unsecured wireless access to your Windows network can provide easy access for attackers and undermine your efforts to secure your environment. Wireless access makes it easier for anyone to connect to your network even from outside your physical environment. An attacker armed with a notebook computer and a wireless card can access an unsecured wireless network from as much as several hundred feet away from the access point. You can’t rely on any physical security measures to protect your wireless networks, as you can with wired connections.

In the past, only computers used to access networks. Once networks became more popular and computing devices started getting smaller, mobile devices began emerging and users wanted to use them to access internal networks. These laptops, tablets, and now even smartphones have become common in most organizations and require newer, more aggressive security controls. Today, the transformation to the next generation of network access is underway. The Internet of Things (IoT) has most recently become one of the most challenging security concerns. IoT refers to the rapidly growing number of smart devices that connect to networks. Both homes and businesses are connecting cameras, security devices, climate control, and many other types of devices to its network. Each of these devices present a potential vulnerability and entry point for an attacker to access an internal network. Applying solid security practices to every IoT device is necessary to keep networks secure.

There are several steps you can take to secure wireless networks. The actual steps you take to enable each of the following suggestions depend on your wireless hardware manufacturer. However, all current wireless devices provide the ability to make your wireless network more secure. For specific instructions for your hardware, consult the hardware manufacturer’s website or user guide. Follow these guidelines to make any wireless network more secure:

• Use WPA or WPA2 encryption—Do not use WEP unless your wireless access point does not support WPA/WPA2. Security professionals have demonstrated they can compromise WEP in a matter of minutes. WPA/WPA2 is the only secure protocol you should consider for confidential information available on a wireless network.

• Use Media Access Control (MAC) address filtering—Most wireless access points allow you to define valid MAC addresses. If you enable MAC address filtering, only valid MAC addresses can connect to the wireless network. MAC address filtering does make administration more difficult and attackers can spoof MAC addresses, but adding layers of controls makes the environment safer.

• Disable Service Set Identifier (SSID) broadcast—Many attackers scan for potential victim networks by collecting information for all networks broadcasting (SSIDs). Turning off the SSID broadcast doesn’t make your network more secure, but it does make it less visible to casual scanners.

• Limit outside eavesdropping—Each wireless access point has an effective transmission range. You can move the devices away from external walls to make it harder to use a signal outside your physical environment. Locate your wireless devices as far away from external walls as possible while still providing ample coverage for your organization’s users.

• Physically separate wireless networks by purpose—Many organizations deploy at least two wireless networks. One wireless network is secure and requires each new device and user to register with an administrator before getting access. This wireless network would likely provide access to the organization’s internal network. Another wireless network uses fewer controls and makes it easy for guests to connect. This second wireless network would likely connect only to an Internet bridge. This approach makes it easy to give guests Internet access without exposing your organization’s network.

Limiting access to wireless networks makes your environment far more difficult for attackers to compromise. Wireless security is only one layer in your overall security plan, but it is an important one.