The number of Wi-Fi hotspots is expected to grow by 350 percent by 2015, according to a new report by the Wireless Broadband Alliance (WBA). An industry association that is focused on driving the next-generation Wi-Fi experience, the WBA arrived at its conclusion after a comprehensive survey of 259 service providers and Wi-Fi vendors. You can read the full report here (pdf).
Going through the report, what struck me was how smartphone and tablet connections to hotspots in the Asia-Pacific and North America have already surpassed those from laptops. The press release summed up the global situation this way:
Laptops now represent less than half (48%) of the connections to hotspots, smartphones account for 36% and tablets 10%.
This development is significant to small and mid-sized businesses, as they can expect to find these new tablets and smartphones eventually making their way into corporate offices. As workers start loading the corporate networks with a plethora of Wi-Fi devices, SMBs are left with no option but to beef up their wireless infrastructure.
Indeed, CEO Dirk Gates of Wi-Fi specialist Xirrus said as much in my interview with him on the state of Wi-Fi in June:
[Wi-Fi] devices are coming, and you can either be ready for them or playing catch-up. It's time now to seriously consider deploying well-provisioned Wi-Fi.
In that vein, I've put together a short list of some Wi-Fi security pointers that I feel are pertinent to SMBs or SOHOs. I was inspired by a far more detailed list of security-centric measures suggested by Eric Geier of Computerworld in "Wi-Fi security do's and don'ts." The list below should be a good starting point for smaller businesses, however.
Don't use WEP (or WEP2)
WEP has well-known flaws that allow it to be trivially defeated. Indeed, a 104-bit WEP key can be cracked in as little as two minutes, and that was four years ago. Further underscoring its vulnerability and usage in spite of its flaws, at least one group of criminals has been known to drive around office blocks in search of WEP-based wireless networks to break into.
MAC address filtering can be fooled
Filtering devices based on their MAC addresses is administratively cumbersome, and ineffective given the ease with which a MAC address can be spoofed. It also wastes time: users and administrators mix things up and end up on a wild-goose chase when they inadvertently try to connect new (unapproved) devices to the wireless network.
Don't rely on hidden SSIDs
Like filtering by MAC address, hiding the SSID has little effect against a halfway-competent hacker. Moreover, it increases complexity by making it more difficult for novice computer users to connect.
Physically secure network components
Most network access points (APs) have a reset switch, while business-grade ones may have more than one Ethernet port. Accordingly, organizations should ensure that these are properly secured. One related strategy would be to make use of a security switch like the HP 2915-8G-PoE switch with its port security and PoE features for your APs.
Employ a 'guest' SSID for visitors
While a centralized authentication scheme works best, SOHOs or small SMBs are unlikely to possess the expertise or infrastructure to migrate from a static passphrase. A simpler alternative would be to create additional SSIDs, with a different passphrase, for visiting guests or business partners. Obviously, this SSID should be segregated from the main network for security reasons.
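The pointers above can be checked mechanically against an AP's configuration. The following is an added example, not part of the original article: it assumes the AP is driven by a hostapd-style config file (the article names no AP software), and `SAMPLE_CONF`, `parse_sections` and `audit` are illustrative names with a constructed sample config.

```python
# Added example: audit a hostapd-style config against the pointers in this list.
# SAMPLE_CONF is constructed for illustration; it is not from a real device.
SAMPLE_CONF = """\
interface=wlan0
ssid=Office
bridge=br-lan
ignore_broadcast_ssid=1
macaddr_acl=1
wep_key0=0123456789
bss=wlan0_guest
ssid=Office-Guest
bridge=br-lan
wpa=2
wpa_passphrase=constructed-guest-passphrase
"""

def parse_sections(text):
    """Split the config into one dict per SSID; a 'bss=' line starts a new one."""
    sections, current = [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "bss" and current:
            sections.append(current)
            current = {}
        current[key] = value
    return sections + ([current] if current else [])

def audit(text):
    """Return (ssid, finding) pairs for every pointer the config falls short of."""
    sections = parse_sections(text)
    findings = []
    for index, sec in enumerate(sections):
        ssid = sec.get("ssid", "<unnamed>")
        if any(key.startswith("wep_key") for key in sec):
            findings.append((ssid, "WEP key configured"))
        elif sec.get("wpa", "0") == "0":
            findings.append((ssid, "no WPA/WPA2 protection"))
        if sec.get("macaddr_acl", "0") == "1":
            findings.append((ssid, "relies on a MAC allow-list, which is spoofable"))
        if sec.get("ignore_broadcast_ssid", "0") != "0":
            findings.append((ssid, "hidden SSID adds no real protection"))
        # Secondary (guest) SSIDs must not share the main bridge or passphrase.
        shared = [k for k in ("bridge", "wpa_passphrase")
                  if index > 0 and k in sec and sec[k] == sections[0].get(k)]
        findings += [(ssid, f"{k} is shared with the main network") for k in shared]
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

A config that uses WPA2 on both SSIDs, broadcasts them, drops the MAC allow-list and gives the guest SSID its own bridge and passphrase produces no findings.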
Do you have additional tips to suggest? Feel free to add them in a comment below.