I’ve been implementing and managing wireless network for almost 25 years, so I thought I would share my 5 top tips to ensure you have happy users, network security and indestructible Enterprise WiFi.
- There are three WiFi security methods: WEP, WPA and WPA2. To secure your wireless network, avoid using WEP and WPA as both these security methods can be compromised with the right knowledge and equipment.
- Use WPA2 with 802.1x authentication to ensure maximum security. If you have to use a WPA2-PSK key, make it complex, add MAC address authentications and ensure you VLAN the data and add access lists to your core switch or firewall for maximum security.
- Only enable 802.11r if you are certain that all the devices that connect to your wireless network support this standard. Non 802.11r compliant devices will not be able to connect.
- Avoid using 5Ghz DFS (Dynamic Frequency Selections) channels, 52 and above, as using these channels often leads to an unstable network. These channels have to listen for radar (Military, Commercial and Weather Radar) and if detected, the access points have to change channel, disconnecting all the associated devices.
- Take the effort to secure your switch ports (wired network) with 802.1x or MAC Authentication. If you don't do this, your network can be compromised by anyone with a laptop with an ethernet connection or a consumer grade WiFi access point (Rogue Access Points). Consider using Network Access Control (NAC) to add additional security to your wired and wireless network.
Contact me if you have any questions and/or would like some help with your Enterprise WiFi.