Call Us Today   01622 763355   info@allteks.co.uk

WiFi: Who Has Access Now?

Simple pre-shared key WiFi is ubiquitous in smaller companies, and even some not so small. The process is simple – everybody requiring access chooses the network name from the list and enters the password, and that’s all that’s needed.

But with Windows 10 and the latest mobile operating systems able to share WiFi connection settings with contacts, how do we keep track of who now has access to your company WiFi? What about ex-employees and their contacts? And should we care?

windows-10-wifi-sharing

For micro enterprises using entirely cloud based services, we could argue that the WiFi network is essentially a public hotspot and so security isn’t too much of a concern. But every PC on the network has company data on it, and the combination of weak user passwords (that might not have changed for years) and unpatched operating system vulnerabilities make this approach flawed. The reality is more likely that your company data is readily accessible to those with access to your WiFi.

For larger enterprises and any with at least one server, any attacker within range has 24×7 availability of services to target. A targeted attack can potentially bypass firewalls by simply befriending on Facebook a current or former employee to gain direct, internal network access.

More attack surface is derived from home-worker VPNs. Whilst per-device, SSL VPN is commonplace, many organisations provide senior and home-based staff permanent, site-to-site VPN connectivity meaning that our home networks too are a potentially vulnerability.

The issue of former employees retaining WiFi access has for many organisations remained unresolved, but compounded by the capability of connections to be shared without the users knowledge for example with Facebook friends, standard password based WiFi security is now completely inadequate for all company environments, and in even in home environments.

Instead of simple password based WiFi, enterprise-grade WiFi security has three big advantages:

  • a unique username and password per person
  • the ability to place different users on different security zones
  • networks that are not shared with contacts in Windows 10 or mobile platforms

Using this technology, leavers are automatically locked out when their Windows account is disabled without affecting the connection of any other user, and secondly users own devices can be placed on a different network providing just Internet access automatically, with only company owned (and secured) devices allowed to access internal network resources.

 

With cyber security now among the top threats to UK industry, properly controlling direct access to your networks is a key control.

WatchGuard Technologies, Inc.

Allteks recommend WatchGuard firewalls, which all include enterprise-grade Wireless Gateway Controller functionality. This enables the deployment of secure networks for managed devices (company PCs), staff BYOD, and Guest access with a ‘captive portal’ (requiring users to accept standard Terms and Conditions), so enforcing security policies, implementing proper access control, and eliminating risk.

Firewall hardware ranges from the cost-effective T10 (suitable for the smallest branches and home offices) to the larger models able to support hundreds of concurrent users, and all models support WatchGuard’s robust indoor and outdoor access points implementing the latest, high-speed ‘AC’ technology, to build scalable, campus-wide wireless networks – and with access you control.

Contact Us Today for more information on our wireless solutions.

%d bloggers like this: