[who's ur daddy?]

Hey you tech geeks...

How secure are security enabled wifi networks?

Our office is on two floors, with maybe 40 users total. Only a few have wi-fi enabled hardware (mostly smartphones). Is there any advantage in installing a wireless router from a backup perspective - ie. if one of our desktops goes down or our carrier goes down (Rogers), does the wi-fi connection help at all?

I don't see many of us using the phone to surf the web while we're in the office and I think our digital plans give us more than we need in terms of surfing, so just wondering if there are benefits of having a wi-fi network in a small office environment that doesn't use laptops...

[mekeni]

If your carrier goes down, so does your wi-fi, unless you have a Rogers USB stick (can connect to the internet wherever there is rogers telephone signal)

[jopa489]

Saw this thread on the main page, so figured I would chime in. I work in the IT field, and hear this question (or something similar) often enough.

The answer to your first question regarding security depends on the type of encryption and hardware being used. Standard WEP or WPA, which are by far the most popular standard encryption methods for all home wireless routers and most enterprise setups, have flaws. With the proper tools and knowledge, WEP can be cracked in moments. Once cracked, the potential hacker could have complete access to your entire network - as if he was sitting at your desk. Obviously, this could be dangerous. Anyone who tries to convince you WEP is "good enough" for sensitive data is simply mistaken.

WEP is only good for keeping out random people looking to mooch some free bandwidth - not securing sensitive data. The average person has no clue how to crack WEP. Setting up wireless "properly" for a business of any size should involve an AAA server (which stands for Authentication, Authorization, and Accounting) and a RADIUS system. Together, these work together to manage polices for who is allowed to connect to the network via wireless.

As mekeni mentioned above, adding wireless to your existing internet connection does not give you any form of redundancy. If Rogers goes down and they are your sole provider, everything external to your local network goes down. Based on what you're describing, I don't think you need it. Enterprise-grade equipment, installation, and support is very expensive, and if there are no laptops it's not worth it.

Depending on the type of business environment, you may want to consider adding an additional Rogers line with a standard home wireless router. This way, it's completely separate from your network and people can jump on it if they need to access the internet - someone coming in and giving a presentation, for example. Employees would not be able to access local servers, files, or email (unless it's web-based) from this connection; it would be completely independent. There's no security risk since no business information is passing through it, so WEP is acceptable for something like this.

Sorry if that's a bit more detail than you needed.

[w2]

The main advantages of wireless is that it is easier to set up and lets you move computers around. It is slower than wired Ethernet, but usually fast enough (and faster than your connection to the Internet). It is less secure than a wired network, but secure enough for most purposes. In my office, I am trying to go wireless with new installations, and I am pretty confident that the security is good enough, given the nature of our business and our location. However:

WPA and WEP are both, relatively speaking, weak encryption protocols. WEP is by far the weaker of the two (I think WEP must stand for "weakest encryption possible") but WPA can also be compromised, especially if you're using a shared key (shared passwords are inherently weak because you are trusting lots of different people to keep the same piece of critical information secret, and keeping passwords secret is harder than it sounds). However, the purpose of WEP and WPA are to protect access to the network itself, not to protect the data on the network. Sensitive data should always be transmitted using a strong encryption protocol (using something like ssh which uses RSA for authentication and a protocol like blowfish, AES or 3DES for encrypting traffic) no matter what kind of network you're running on.

Even a fully wired network can be compromised, because you can never trust all of the devices that may be attached to it at any given time. Security of the network (stopping people from stealing your bandwidth) and security of data (stopping people from seeing your stuff) are two different issues and you need to address them as such.

Putting encryption on the network is like putting a bunch of people in a soundproof room: anything you say won't be heard outside the room, but because you can't necessarily trust everyone inside the room, if you want to tell one person a secret without the possibility of someone else overhearing, you still have to use some kind of coded language that only the two of you understand.

[Darin911]

^
holy cow soo long

[Tee212]

I use mac filtering and disable SSID visibilty. A radius server is a bit over kill. If you elect to use WEP or WPA2 just have 1 computer nerd walk to each node and manually enter the WEP string.

[jopa489]

Quote:

Originally Posted by Tee212

I use mac filtering and disable SSID visibilty. A radius server is a bit over kill. If you elect to use WEP or WPA2 just have 1 computer nerd walk to each node and manually enter the WEP string.

That's not secure at all, and a RADIUS server isn't overkill for a company looking to protect their data (though it definitely is for the average home user). MAC addresses can be easily spoofed and even WinXP shows "unnamed networks" when searching for Wifi.

[who's ur daddy?]

Perfect. Thanks gents. Tremendous downside and little upside it seems...

[SSD]

My company is using WPA enterprise with AES..filtered by MAC address and give a landing page to put it username/password and get authenticated by the ldap server in backend.

Kinda annoying to set up..but better security I guess.

[tirana]

If you have wifi smartphones, it's a big advantage to have WPA secured wireless as this will significantly speed up Internet access and reduce your data usage over 3G. Wifi also has the advantage of not having to put Ethernet sockets everywhere. Just drag your laptop and make a presentation or work in any room. Data security is an issue on any network, wired or wireless. If you take simple precautions (WPA with a decent key), access controls (e.g. MAC address), etc, its simple to set up and maintain. Am not so keen on wireless backup as it takes longer (better to use FireWire or USB2) although you can secure the network drive. Speed is still an issue unless you're using 802.11n - most computers are n-equipped but smartphones are still 802.11g - there again, they don't need to shuffle much data.

It's crazy how many open networks you can find (or set to a default "admin" password). Convenient for hopping onto the net, but very insecure.

[snipersix]

wifi is never secure. If you wish to use wireless be sure to use encryption standards such as the ones stated above. Especially if you are dealing with sensitive data.. But if its just for ordinary browsing wifi should be fine.

[halB]

On the flip side: A few years ago there was an article in Wired magazine suggesting a grassroot movement in which users would not put security in their WiFi router/access points, thereby creates coast-to-coast WiFi accessibility free-for-all.