How to Keep business wifi from public

[ckop11]

Whats the best way to keep Business wifi from the public?

Is just like "hide SSID" in the routers config enough?

The router is in an office connected to the business' Internet. I don't want people to see it/ be able to access it in any way.

Sorry if i answered my own question. Just seeing if there is anything else that can be done.

Thanks

_edit_ the business does have public wifi set up completely separate from the Business line, but there are up to 100 people a day that will go into the business so just want to be safe.

 

[iFargle]

Hide SSID and use a password and you're pretty much good.

 

[ckop11]

Thats what i figured, just making sure. Thanks!

 

[Hefemeister]

To add another layer of security, if you only have a standard set of computers that you wish to have connect to your wireless you can set up a MAC filter on your router to only allow those computers to connect.

 

[carnageX]

To add another layer of security, if you only have a standard set of computers that you wish to have connect to your wireless you can set up a MAC filter on your router to only allow those computers to connect.

Was going to suggest this as well.

 

[DistraughtSysop]

I'm going to have to go against the grain here and say that I don't think that SSID hiding and MAC filtering are effective wireless security measures.

The thing is that even the biggest, know-nothing script kid can defeat them with ease. SSID hiding is a misnomer; you can't actually hide the SSID. What you're actually doing is disabling beaconing, which is just 1 of 5 broadcasting mechanisms. Sure, the idea is that no one will try to hack what they don't see, but anyone who is capable of hacking wifi is also capable of scanning for hidden SSIDs - and those would make for the most tempting targets. The same goes for MAC filtering; MAC addresses are broadcast in cleartext over the WLAN and it just takes one command to spoof one. MAC filtering makes much more sense for physical LANs.

It can be argued that these measures don't hurt, but they lessen usability for users without adding any real security benefit.

 

[Yevrag35]

Our business employs WPA2-Personal with a fairly random SSID (to prevent pre-built Rainbow Tables from cracking the network). Coupled with a 25-character pre-shared key created by a password generator (which includes special symbols and such). Strong Password Generator

Hacking WPA2 is hard, but not impossible. I'd say a 25 character random password would create quite the chore for any would-be hacker.

But if you'd want it UN-crackable, you have to deploy WPA2-Enterprise. That still has not been cracked.

 

[carnageX]

Our business employs WPA2-Personal with a fairly random SSID (to prevent pre-built Rainbow Tables from cracking the network). Coupled with a 25-character pre-shared key created by a password generator (which includes special symbols and such). Strong Password Generator

Hacking WPA2 is hard, but not impossible. I'd say a 25 character random password would create quite the chore for any would-be hacker.

But if you'd want it UN-crackable, you have to deploy WPA2-Enterprise. That still has not been cracked.

Just make sure WPS is disabled (if the router has it) or your security layers will be all for nothing .
8-digit PIN = easier to break then a 25char random password.

 

[Frosty is a Snowman]

Turn WiFi off and give them really long cables, I bet they can't hack that WiFi security.

But yeah I would say enterprise is the best option.
I guess it just depends on the level of protection required for the data you have connected to that network

 

[veedubfreak]

What are you using for wifi? We use Meru and have it set to authenticate using AD credentials for the network access and a guest wifi that doesn't touch our network that has a really pathetic password on it, but it's firewalled off from the main wifi.