At a meeting, a business associate revealed he used the personal mode of Wi-Fi security in his business, which he claimed was easy to set up and use. My organization is starting to evaluate using Wi-Fi for business, and I'm reading that the personal mode isn't secure enough and that WPA2 is the way to go. Can you please explain the difference between the two options? Which would you suggest for business deployment?
If there's one thing that has caused more security problems than anything else, it's people choosing to take the path of least resistance with their security controls. Standout choices I see in practically every organization I visit include people creating weak passwords, IT holding employees responsible for their own third-party software patches, and perhaps most of all, deploying wireless using WPA2 pre-shared keys for "secure" access.
As with software and practically every other network system, if you start out with "good enough" Wi-Fi security, you're going to get stuck with more complexity and less ability to manage risks than you would if you did it the right way from the get-go.
The problem with using pre-shared keys -- or personal mode -- for wireless security is that it needs to be continually managed. This includes changing pre-shared keys when any one of them is suspected to have been compromised or otherwise at risk (for example, when an employee is terminated).
I performed a wireless security assessment recently where I witnessed this very issue. Instead of changing the pre-shared keys after numerous employees resigned or were fired, the IT team just left things as they were. We live in a world where "hope" is a strategy; empty promises work in politics, but it's a dangerous path to follow in business, especially when enterprise security is involved.
If your organization is going to deploy wireless or make its existing environment more secure, it should really consider implementing (or enabling) 802.11i, which utilizes RADIUS for authentication (it's like Active Directory for Wi-Fi). Such a technology is much more extensible and robust than simply relying on WPA2 pre-shared keys for encryption and authentication. Alternately, look for a third-party wireless management system, such as Fluke Networks' AirMagnet or Juniper Networks' Trapeze/SmartPass. While these products will require more effort and money up front, they will be much better for your organization over the long haul.
Regardless of the perceived size and complexity of your wireless environment today, odds are it will grow. It'll pay to do wireless security right before it gets even bigger.
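The two setups contrasted in the answer above, as an added example that is not part of the original article: a small audit that classifies an access point configuration as personal (pre-shared key) or RADIUS-backed, and flags a shared key that was not changed after someone left. It assumes hostapd.conf syntax, which the article does not name; the SSID, address, secrets and dates are constructed.

```python
from datetime import date

# Constructed configs in hostapd.conf syntax; addresses and secrets are made up.
PERSONAL = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-passphrase
"""
ENTERPRISE = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=constructed-radius-secret
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    rows = (ln.strip() for ln in text.splitlines())
    pairs = (r.split("=", 1) for r in rows if "=" in r and not r.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def wifi_mode(conf):
    """'personal' if any shared-key method is accepted, else 'enterprise' or 'other'."""
    methods = conf.get("wpa_key_mgmt", "").split()
    if any(m.startswith("WPA-PSK") for m in methods):
        return "personal"  # a mixed PSK+EAP SSID still accepts the shared key
    if any(m.startswith("WPA-EAP") for m in methods) and conf.get("ieee8021x") == "1":
        return "enterprise"
    return "other"

def audit(conf_text, key_last_changed, departures):
    """Findings for one SSID; both date arguments are hypothetical IT/HR records."""
    mode = wifi_mode(parse_conf(conf_text))
    findings = []
    if mode == "personal":
        findings.append("shared key: no per-user revocation")
        missed = [d for d in departures if d > key_last_changed]
        if missed:
            findings.append(f"key unchanged since {len(missed)} departure(s)")
    return mode, findings

if __name__ == "__main__":
    left = [date(2024, 3, 1), date(2024, 6, 15)]  # constructed departure dates
    print(audit(PERSONAL, date(2024, 1, 10), left))
    print(audit(ENTERPRISE, date(2024, 1, 10), left))
```

With the RADIUS-backed configuration, a departure is handled by disabling that person's account on the authentication server, so the audit has no shared key to chase.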
Ask the Expert!
SearchSecurity expert Kevin Beaver is ready to answer your enterprise security questions -- submit them now! (All questions are anonymous.)