office_wi-fi
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
office_wi-fi [2019/08/04 07:23] – created neil | office_wi-fi [2022/12/18 18:48] (current) – neil | ||
---|---|---|---|
Line 1: | Line 1: | ||
=====Your office Wi-Fi===== | =====Your office Wi-Fi===== | ||
- | You might even want to think about your office Wi-Fi. Who controls access to it? | ||
- | If someone leaves the firm, can you prevent them from connecting to the network? | ||
- | Even if you have just basic password authentication — as most domestic Wi-Fi systems have — do you know how to change the password? | ||
- | If you haven’t already done so, changing | + | ====Key points: ==== |
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
+ | * [[office_wi-fi# | ||
- | Do you offer your clients access to guest Wi-Fi? If so, is it a separate network, segregated from your office network? If not, are you better off just not offering it? | + | ====Make sure it is encrypted and not open ==== |
- | If you do permit others to use your office Wi-Fi, what controls do you have in place around devices connected to it? What authentication do you require to connect to resources, such as shared drives, on the network? Are you forcing those connections, | + | {{:: |
- | https inspection: looking at your users’ encrypted traffic | + | When you set up a Wi-Fi access point, you will be prompted to set the security you want in place. |
- | You might also consider rules around what can be accessed — spam filtering, for example, or blacklisting of potentially problematic websites | + | Avoid " |
+ | For a small firm, "WPA Personal" | ||
+ | |||
+ | For larger organisations, | ||
+ | |||
+ | ====Change all default passwords ==== | ||
+ | |||
+ | If your network equipment comes with default passwords, make sure you have changed them. | ||
+ | |||
+ | If someone is able to access your Wi-Fi equipment, or your router, they could easily control the traffic on your network. | ||
+ | |||
+ | ====Disable access from the Internet ==== | ||
+ | |||
+ | Unless you specifically need it (in which case, set it up securely), disable access to you Wi-Fi equipment / router from the Internet. This means both the administrative interface, and the devices themselves - if you do need to have remote access, plan it carefully, and lock it down (e.g. to specific IP addresses, lock out IP addresses if they get the username/ | ||
+ | |||
+ | ====Use a firewall ==== | ||
+ | |||
+ | Firewalls are devices (or software applications) which control what traffic is allowed to move between networks according to rules you set — for example, between the Internet and your office network. | ||
+ | |||
+ | Most consumer-grade routers do not have a firewall, and rely instead on something called " | ||
+ | |||
+ | For example, a [[https:// | ||
+ | |||
+ | ==== Make sure someone in the firm has the admin usernames and passwords, or admin access ==== | ||
+ | Especially if you outsource your IT support, make sure someone in the firm has either a copy of all the usernames and passwords, or else admin access, and other information necessary to configure and control your Wi-Fi (and other elements of your firm's IT, for that matter). | ||
+ | |||
+ | You do not want to find that, if your IT support provider ceases to support you, you are unable to manage your network. | ||
+ | |||
+ | ====Have a means of preventing former staff from connecting to your network==== | ||
+ | If you have " | ||
+ | |||
+ | If, however, you are using consumer-grade equipment, and are using a common password for access to your Wi-Fi network, you'll need to think about how you deal with someone who leaves the firm: how do you make sure that they cannot continue to access your network. This might entail changing the network password, and distributing the new password to all remaining members of staff. | ||
+ | |||
+ | ====Only offer secure guest access ==== | ||
+ | |||
+ | Offering guests — including clients — access to Wi-Fi may be nice, and perhaps even expected. | ||
+ | |||
+ | Only let guests connect to a network which is segregated (logically or physically) from your office network. | ||
+ | |||
+ | If you cannot do this securely, you are better off not offering it at all. | ||
+ | |||
+ | The same rule applies to employees connecting their own devices: do it securely, or ask them to use their own mobile phone connections. |
office_wi-fi.1564903389.txt.gz · Last modified: 2021/07/06 09:26 (external edit)