If you own a small business, chances are you already have a wireless network in place. Often, these wireless devices are configured out of the box and there is no real setup involved. Because of this, wireless security is typically overlooked in the small business space, which makes wireless both useful and a potential security risk. Wireless security has progressed a lot since its initial foray into the mainstream. In the early days of wireless, some manufacturers were shipping small office/home office wireless devices with no security and no password at all. To make matters worse, these devices were often used in small businesses. Generally, end users didn’t understand the risks enough to add security to them. As a result, those devices were often compromised.
Today, wireless is an integral part of our everyday experience. Almost everyone has laptops, smart phones, tablets, etc., so having wireless in your business is quite handy. The question to ask now is how can we be sure that we only have business-related devices on our private network while also allowing employees to connect their personal devices? The way to address this is to deploy a separate public and private wireless network. The goal here is to provide a secured, “private” wireless LAN that company owned devices can use to connect to sensitive data while providing another “public” wireless LAN that is physically separated from the private network. Employees can be given the password to the “Public” wireless to connect their personal devices, but the “Private” wireless network password would be kept secret and only entered by an administrator, owner, etc.
Here are three ways to implement this, from easiest to most complex.
1. Your ISP may already do it:
In some cases, Comcast, Charter and/or AT&T will deliver a cable modem or DSL modem that has built in wireless that exists outside your network. As long as you have a firewall in place (you DO have a firewall don’t you?) and your protected network sits behind this firewall, you can deploy a wireless AP on your protected network and only connect devices that you own/control. Everyone else with their phones, tablets, etc. can use the public network and your network stays much safer. The layout looks like this:
2. Using 2APs:
Some ISP plans don’t include a wireless capable device, so you have to do it yourself. The most effective way to accomplish this is with a DMZ on your firewall. In this scenario, you would deploy an AP on your protected network and another on a DMZ network of your firewall. The DMZ is really just another network created by the firewall that doesn’t touch your private network. The layout looks like this
3. VLAN with Managed APs:
If your building is large enough to require more than 1 AP for coverage, this is the best option for you. This scenario deploys multiple wireless APs, all giving out two or more wireless networks, each discreet and in a separate VLAN for security. This is a much more robust and technically involved scenario, but it can be deployed inexpensively and be very easy to maintain. Given the complexity of this setup, we didn’t include a layout.
If you need help with wireless for your small business, contact us.