Wired vs. wireless network security: Best practices
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires.
Just about every organization today offers some sort of wireless connectivity in the workplace; it is far too powerful a productivity tool to limit it outright. However, wireless networks must be properly configured in order to ensure they are secure.
With a wired network, connected computers are only accessible via a physical cable connection. As such, physical security is a major wired network security concern. Note, however, that, while wired networks are often considered more secure than wireless networks, they are not inherently safer from threats such as denial-of-service attacks, malware or data loss. Security measures -- including but not limited to firewalls, SIEM and data loss prevention -- should always be considered whether your network is wired or wireless.
When comparing wired vs. wireless network security, securing a wireless network is even more important than securing a wired network because connecting to it does not require physical access to a network jack or cable. Wireless networks use radio transmissions to carry data between end users and the network. As it is difficult to contain those radio waves, it's possible for someone to sit in your office building's lobby or parking lot and eavesdrop on wireless network communications.
The answer to this problem is to use strong encryption to protect data transmitted over a wireless network. Encryption uses ciphers to scramble the data sent between the end user's computer and the network in such a way that it is indecipherable to anyone other than the legitimate end user.
Wi-Fi Protected Access (WPA) is the modern standard for wireless encryption. It is absolutely critical that WPA encryption is used on enterprise networks, as hackers have demonstrated significant vulnerabilities in the previously recommended Wired Equivalent Privacy (WEP) algorithm that render it completely useless from a security perspective. Note, it's important to check that you're using a modern version of WPA as well. Today's networking equipment supports two versions of WPA: WPA and WPA2. While both are still considered secure, WPA2 offers stronger security. The next version, WPA3, has also been released. While some networking gear is beginning to support the new protocol -- the Wi-Fi Alliance started certifying WPA3-approved products in 2018 -- there are some serious open vulnerabilities in the new standard. I recommend implementing WPA2 and holding off on WPA3 until those are addressed and the protocol becomes more widely used.
The key takeaway regarding the wireless network security argument is that a network with WPA security installed can be relied upon for secure connectivity between wireless systems and a corporate network, and WPA should certainly be at the top of any organization's list of wireless network security best practices.
In terms of how wireless network security compares to that of a wired network, theoretically, Wi-Fi should be just as secure as a wired connection, but that's what security experts thought years ago when WEP was the prevalent wireless encryption protocol -- it turned out to be relatively easy for skilled hackers to bypass. The bottom line is that radio communications are likely always going to be more susceptible to eavesdropping than wired communications, so enterprises should account for that risk and plan their network architectures accordingly.
Wireless network security best practices
Once strong encryption is in place through WPA, WPA2 or eventually WPA3, enterprises should continue to build out their wireless security program by implementing some other best practices:
- protect your guest wireless network from eavesdropping;
- monitor your facilities for rogue wireless access points, also known as evil twins;
- enhance your defenses against wireless attacks;
- improve network visibility and monitoring; and
- manage mobile devices connecting to enterprise networks.
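The rogue access point monitoring and the WPA2 recommendation above can be checked together against a site survey. The following is an added example, not part of the original article; the SSID, the BSSIDs, the record layout and the survey rows are all constructed assumptions.

```python
# Added example: audit a Wi-Fi site survey against an inventory of managed APs.
# Every SSID, BSSID and survey row here is constructed for illustration.
from dataclasses import dataclass

CORP_SSID = "CorpNet"                    # hypothetical corporate SSID
AUTHORIZED_BSSIDS = {                    # hypothetical inventory of managed APs
    "02:00:00:aa:00:01",
    "02:00:00:aa:00:02",
}
ACCEPTED_SECURITY = {"WPA2"}             # the article's recommended setting

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str   # "OPEN", "WEP", "WPA", "WPA2" or "WPA3" (assumed labels)

def audit(beacons):
    """Return sorted (bssid, finding) tuples for everything needing follow-up."""
    expected = "/".join(sorted(ACCEPTED_SECURITY))
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()          # survey tools differ in hex case
        security = b.security.upper()
        managed = bssid in AUTHORIZED_BSSIDS
        if b.ssid == CORP_SSID and not managed:
            # Corporate name broadcast by hardware that is not in the inventory.
            findings.append((bssid, "rogue: corporate SSID from unlisted BSSID"))
        elif managed and b.ssid != CORP_SSID:
            findings.append((bssid, f"misconfigured: managed AP advertises {b.ssid!r}"))
        if managed and security not in ACCEPTED_SECURITY:
            findings.append((bssid, f"policy: managed AP uses {security}, expected {expected}"))
    return sorted(findings)

# Constructed survey: one healthy AP, one managed AP still on WEP,
# one unlisted radio using the corporate SSID, and one unrelated neighbor.
SAMPLE_SURVEY = [
    Beacon("CorpNet", "02:00:00:aa:00:01", "WPA2"),
    Beacon("CorpNet", "02:00:00:AA:00:02", "WEP"),
    Beacon("CorpNet", "02:00:00:bb:00:09", "OPEN"),
    Beacon("CoffeeShop", "02:00:00:cc:00:03", "WPA2"),
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_SURVEY):
        print(bssid, finding)
```

BSSIDs can be forged, so a clean result from an inventory comparison is necessary rather than sufficient; pair it with the network visibility and monitoring items in the list above.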