At a meeting, a business associate revealed he used the personal mode of Wi-Fi security in his business, which he claimed was easy to set up and use. My organization is starting to evaluate using Wi-Fi for business, and I'm reading that the personal mode isn't secure enough and that WPA2 is the way to go. Can you please explain the difference between the two options? Which would you suggest for business deployment?
If there's one thing that has caused more security problems than anything else, it's people choosing to take the path of least resistance with their security controls. Standout choices I see in practically every organization I visit include people creating weak passwords, IT holding employees responsible for their own third-party software patches, and perhaps most of all, deploying wireless using WPA2 pre-shared keys for "secure" access.
As with software and practically every other network system, if you start out with "good enough" Wi-Fi security, you're going to get stuck with more complexity and less ability to manage risks than you would if you did it the right way from the get-go.
The problem with using pre-shared keys -- or personal mode -- for wireless security is that it needs to be continually managed. This includes changing pre-shared keys when any one of them is suspected to have been compromised or otherwise at risk (for example, when an employee is terminated).
I performed a wireless security assessment recently where I witnessed this very issue. Instead of changing the pre-shared keys after numerous employees resigned or were fired, the IT team just left things as they were. We live in a world where "hope" is a strategy; empty promises work in politics, but it's a dangerous path to follow in business, especially when enterprise security is involved.
If your organization is going to deploy wireless or make its existing environment more secure, it should really consider implementing (or enabling) 802.11i, which utilizes RADIUS for authentication (it's like Active Directory for Wi-Fi). Such a technology is much more extensible and robust than simply relying on WPA2 pre-shared keys for encryption and authentication. Alternately, look for a third-party wireless management system, such as Fluke Networks' AirMagnet or Juniper Networks' Trapeze/SmartPass. While these products will require more effort and money up front, they will be much better for your organization over the long haul.
Regardless of the perceived size and complexity of your wireless environment today, odds are it will grow. It'll pay to do wireless security right before it gets even bigger.
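The key-rotation problem described above can be checked mechanically. The following Python audit is an added example, not part of the original answer: it flags pre-shared-key SSIDs whose key has not been changed since someone who knew it left. The inventory, departure records, field names and SSIDs are all constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (not from the article): one entry per SSID.
NETWORKS = [
    {"ssid": "corp-main", "mode": "psk", "psk_changed": date(2023, 1, 10)},
    {"ssid": "corp-lab", "mode": "psk", "psk_changed": date(2024, 6, 2)},
    {"ssid": "warehouse", "mode": "psk", "psk_changed": None},  # change never recorded
    {"ssid": "corp-8021x", "mode": "802.1x", "psk_changed": None},
]

# Constructed sample departures: who left, when, and which SSIDs' keys they knew.
DEPARTURES = [
    {"user": "alice", "left": date(2023, 11, 30), "ssids": {"corp-main", "corp-lab"}},
    {"user": "bob", "left": date(2024, 8, 15), "ssids": {"corp-lab", "warehouse"}},
    {"user": "carol", "left": date(2024, 9, 1), "ssids": {"corp-8021x"}},
]


def stale_psk_findings(networks, departures, today):
    """Return one finding per PSK network whose key is still known to a leaver."""
    findings = []
    for net in networks:
        if net["mode"] != "psk":
            # With RADIUS-backed authentication, disabling the account revokes
            # access, so there is no shared key to rotate.
            continue
        changed = net["psk_changed"]
        # A leaver still knows the key if it was last changed before they left.
        # An unrecorded change date is treated as "never rotated".
        leavers = [d for d in departures
                   if net["ssid"] in d["ssids"]
                   and (changed is None or changed < d["left"])]
        if leavers:
            first_left = min(d["left"] for d in leavers)
            findings.append({
                "ssid": net["ssid"],
                "users": sorted(d["user"] for d in leavers),
                "days_exposed": (today - first_left).days,
            })
    return findings


if __name__ == "__main__":
    for f in stale_psk_findings(NETWORKS, DEPARTURES, date(2024, 10, 1)):
        print(f"{f['ssid']}: key known to {', '.join(f['users'])}; "
              f"exposed {f['days_exposed']} days")
```

The 802.1X network never appears in the findings, because revoking a leaver's access there is an account change rather than a key change on every device.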
Ask the Expert!
SearchSecurity expert Kevin Beaver is ready to answer your enterprise security questions -- submit them now! (All questions are anonymous.)