Manage Learn to apply best practices and optimize your operations.

Wireless vs. wired security: Wireless network security best practices

Expert Mike Chapple examines wireless vs. wired security and offers his enterprise wireless network security best practices.

Many employees in our enterprise handle sensitive data on a daily basis, so having secure network connections is...

of the utmost importance. Up until now, we've only used Ethernet-based network connections, but there has been increasing pressure from business managers to install wireless. Can a state-of-the-art Wi-Fi connection really be as secure as an Ethernet connection, or would sending so much sensitive data over a wireless network be asking for trouble?

It is true that a wireless network connection can be just as secure as a wired connection? While many organizations once shied away from wireless networks due to perceived security risks, just about everyone has come around and now offers at least some wireless connectivity in the enterprise.  Wireless network access is simply too powerful a productivity tool to limit it outright.

That said, wireless networks must be properly configured in order to ensure they are secure.  When comparing wireless vs. wired security, securing a wireless network is even more important than securing a wired network for one simple reason: Accessing a wireless network does not require physical access to a network jack or cable, as does accessing a wired network.  Wireless networks use radio transmissions to carry data between end users and the network and it is difficult to contain those radio waves.  Therefore, it’s possible for someone to sit in your office building's lobby or parking lot and eavesdrop on wireless network communications.

Ask a question

Have questions about enterprise network security? Ask expert Mike Chapple! (All question submissions are anonymous.)

The answer to this problem is to use strong encryption to protect data transmitted over a wireless network. Encryption uses ciphers to scramble the data sent between the end user’s computer and the network in such a way that it is indecipherable to anyone other than the legitimate end user.

Wireless networks support two major types of encryption, Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).  As I’ve written before, it is absolutely critical that WPA encryption is used on enterprise networks, as hackers have demonstrated significant vulnerabilities in the WEP algorithm that render it completely useless from a security perspective.

The key takeaway regarding the wireless network security argument is that by installing WPA security on a network, it can be relied upon for secure connectivity between wireless systems and a corporate network, and should certainly be at the top of any organization's list of wireless network security best practices.

In terms of how wireless network security compares to that of a wired network, theoretically Wi-Fi should be just as secure as a wired connection, but that's what security experts thought five years ago when WEP was the prevalent wireless encryption protocol, and it of course turned out to be relatively easy for skilled hackers to bypass. The bottom line is that radio communications are likely always going to be more susceptible to eavesdropping than wired communications, so enterprises should account for that risk and plan their network architectures accordingly.

This was last published in December 2011

Dig Deeper on Wireless network security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I like what you said about the bottomline, if you use a Wi-Fi network you have to be willing to take the risks. Although, WPA2 is more secure than WPA  and especially WEP, with the wide variety and depth of modern day hacking tools, a determined hacker can access any network, I know because I'm a CEH. If you have the time, you can figure out any ones passphrase one letter, number, symbol at a time.