
Wi-Fi for business: Is using personal mode safe?

The Wi-Fi personal mode may be easy to set up and use, but is it safe enough to use in an enterprise setting? Security expert Kevin Beaver discusses why WPA2 is a more secure enterprise option.

At a meeting, a business associate revealed he used the personal mode of Wi-Fi security in his business, which he claimed was easy to set up and use. My organization is starting to evaluate using Wi-Fi for business, and I'm reading that the personal mode isn't secure enough and that WPA2 is the way to go. Can you please explain the difference between the two options? Which would you suggest for business deployment?

If there's one thing that has caused more security problems than anything else, it's people choosing to take the path of least resistance with their security controls. Standout choices I see in practically every organization I visit include people creating weak passwords, IT holding employees responsible for their own third-party software patches, and perhaps most of all, deploying wireless using WPA2 pre-shared keys for "secure" access.

As with software and practically every other network system, if you start out with "good enough" Wi-Fi security, you're going to get stuck with more complexity and less ability to manage risks than you would if you did it the right way from the get-go.

The problem with using pre-shared keys -- or personal mode -- for wireless security is that it needs to be continually managed. This includes changing pre-shared keys when any one of them is suspected to have been compromised or otherwise at risk (for example, when an employee is terminated).

I performed a wireless security assessment recently where I witnessed this very issue. Instead of changing the pre-shared keys after numerous employees resigned or were fired, the IT team just left things as they were. We live in a world where "hope" is a strategy; empty promises work in politics, but it's a dangerous path to follow in business, especially when enterprise security is involved.

If your organization is going to deploy wireless or make its existing environment more secure, it should really consider implementing (or enabling) 802.11i, which utilizes RADIUS for authentication (it's like Active Directory for Wi-Fi). Such a technology is much more extensible and robust than simply relying on WPA2 pre-shared keys for encryption and authentication. Alternatively, look for a third-party wireless management system, such as Fluke Networks' AirMagnet or Juniper Networks' Trapeze/SmartPass. While these products will require more effort and money up front, they will be much better for your organization over the long haul.

Regardless of the perceived size and complexity of your wireless environment today, odds are it will grow. It'll pay to do wireless security right before it gets even bigger.
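
The difference between personal mode and the RADIUS-backed setup recommended above, shown as an added example that is not part of the original article: a small Python audit over two constructed hostapd configurations. hostapd is an assumption (the article names no access point software), and the SSID, server address and secrets are placeholders.

```python
# Added example. hostapd is an assumed AP implementation (the page names no product).
# Both configs are constructed samples; the address and secrets are placeholders.
PERSONAL = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=EXAMPLE-shared-by-everyone
"""
ENTERPRISE = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=EXAMPLE-radius-secret
"""

def parse(conf):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out

def audit(conf):
    """Classify one BSS config as personal or enterprise and list findings."""
    c = parse(conf)
    mgmt = set(c.get("wpa_key_mgmt", "").split())
    findings = []
    if not int(c.get("wpa", "0")) & 2:  # bit 1 of wpa= enables WPA2/RSN
        findings.append("WPA2 (RSN) not enabled")
    if mgmt & {"WPA-PSK", "WPA-PSK-SHA256"}:
        mode = "personal"
        findings.append("shared key: must be changed whenever a key holder leaves")
    elif mgmt & {"WPA-EAP", "WPA-EAP-SHA256"}:
        mode = "enterprise"
        if c.get("ieee8021x") != "1":
            findings.append("ieee8021x=1 missing")
        if "auth_server_addr" not in c:
            findings.append("no RADIUS server (auth_server_addr)")
    else:
        mode = "unknown"
        findings.append("wpa_key_mgmt is not a PSK or EAP suite")
    return mode, findings
```

Calling `audit(PERSONAL)` reports the shared-key finding, while `audit(ENTERPRISE)` returns no findings because each user authenticates individually through the RADIUS server and can be disabled there without touching anyone else's access.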


This was last published in September 2014
