Wired and Wireless Security Best Practices

All organizations doing business in the modern world require some sort of network to support the operations of the organization even if the organization is a small local business. Regardless of the size of the organization, the data on their machines is one of their most prized possessions as it can contain everything from financial data to trade secrets can be kept resident on these machines  and must be secured (Caballero, 2009, p. 237). Although wired networks and wireless networks are rather different architectures, they share many similarities in how they are secured, therefore, this discussion will begin with the specific security practices that the networks share and then will expound on the more specialized needs of wireless networks.

In order to create a strong and secure network, the first thing that must be done is to establish a firm boundary at the physical level. The server room or data center should be offered as many physical protection methods as deemed possible by the organization. Some of these safeguards include: security officers, a visible authorization system (i.e. receptionist who checks IDs before allowing building access), a two or three level authentication system such as a user name and password, or a user name, password, and biometric check, and an auditing method (either paper or electronic) that logs access to the room or datacenter. If it is financially feasible, the company should also consider installing a closed circuit security camera system (Caballero, 2009).

Once a physical boundary is established, the attention should be shifted to focusing on the network boundaries (or perimeter). A firm line should be established between where the internet ends and the private LAN begins. Much like a building, the LAN should be protected by security guards that block the entrances and exits until the data has been authenticated. In order to accomplish this, the network should be secured by a network firewall that uses a bi-directional analysis method known as ‘stateful packet filtering’ (Caballero, 2009, p. 240) as this will analyze each packet as it passed through the network. Once the data passes on to the router to enter the LAN, it is wise to include router packet filtering to examine packets to see if they meet security policies that have been implemented. If the router allows for MAC Address filtering on wired connections, these should be activated as well because this adds additional security to prevent unauthorized devices (Prowse, 2011, p. 132). Once the router has been deployed, the next layer to secure the network would be to install an inline Intrusion Detection and Prevention System (IDPS) as this will scan the network for possible intrusions using either a signature analysis system or an anomaly based system (preferably a combination of both) that will flag administrators in the event of a perceived attack (Prowse, 2011, p. 155).

The various safeguards as outlined above are some of the primary practices used to secure wired networks but to secure wireless networks additional measures must be taken. Each wireless network broadcasts to a certain range which will allow some possibility of the signal traveling beyond the physical walls of the building. Because of this flaw in the security of wireless, it is advised that organizations reduce the signal strength incrementally until the signal is no longer detected outside the organization (Valacich & Schneider, 2010, p. 203). Another broadcast item is the Security Set Identifier (SSID) or the network name of the wireless access point which is set up to broadcast itself by default, one should turn this off so as to prevent unauthorized external access to the network. All wireless access points have the capability to use some sort of passkey to permit access including WEP, WPA, and WPA2 encryption schemes, to ensure security and authentication, the WPA2 encryption scheme should be activated and a high entropy password created to secure the access point. Also, it is imperative that MAC filtering be turned on for wireless clients so that only hosts who are added to the MAC filter list are able to receive connectivity. Lastly, if the devices being connected to the wireless point are 802.1X capable, this authentication system should be activated (Vacca, 2009, p. 797).

All of the safeguards above are some of the best ways to secure a network, especially from a hardware level. Despite the best security practices, the human element can still cause challenges to a security infrastructure. Thusly, a wise information security manager will also create a comprehensive security plan for all the users at the facility to follow and remind them often. No network is completely secure but implementing items such as these will allow a decent reduction in risk.

Bibliography

Caballero, A. (2009). Information Security Essentials for IT Managers: Protecting Mission-Critical Systems. In J. R. Vacca, Computer and Information Security Handbook (pp. 225-254). Burlington: Morgan Kaufmann Publishers.

Prowse, D. L. (2011). CompTIA Security+ SYO-201 Cert Guide. Indianapolis: Pearson Education.

Vacca, J. R. (2009). Configuring Wireless Internet Security Remote Access. In J. R. Vacca, Computer and Information Security Handbook (pp. 795-798). Burlington: Morgan Kauffman.

Valacich, J., & Schneider, C. (2010). Information Systems Today: Managing in the Digital World. Upper Saddle River: Prentice Hall.