Differences

This shows you the differences between two versions of the page.

--- office_wi-fi [2019/08/04 19:07] – neil
+++ office_wi-fi [2022/12/18 18:48] (current) – neil
@@ Line 2: / Line 2: @@
 ====Key points: ====
-  * [[#Change all default passwords|Change all default passwords]]
+  * [[office_wi-fi#Make sure it is encrypted and not open|Make sure it is encrypted and not open]]
-  * [[#Disable access from the Internet|Disable access from the Internet]]
+  * [[office_wi-fi#Change all default passwords|Change all default passwords]]
-  * [[#Make sure someone in the firm has the admin usernames and passwords, or admin access|Make sure someone in the firm has the admin usernames and passwords, or admin access]]
+  * [[office_wi-fi#Disable access from the Internet|Disable access from the Internet]]
-  * [[#Have a means of preventing former staff from connecting to your network|Have a means of preventing former staff from connecting to your network]]
+  * [[office_wi-fi#Use a firewall|Use a firewall]]
-  * [[#Only offer secure guest access|Only offer secure guest access]]
+  * [[office_wi-fi#Make sure someone in the firm has the admin usernames and passwords, or admin access|Make sure someone in the firm has the admin usernames and passwords, or admin access]]
+  * [[office_wi-fi#Have a means of preventing former staff from connecting to your network|Have a means of preventing former staff from connecting to your network]]
+  * [[office_wi-fi#Only offer secure guest access|Only offer secure guest access]]
+====Make sure it is encrypted and not open ====
+{{::screenshot_2019-08-08_at_17.42.13.png?400|}}
+When you set up a Wi-Fi access point, you will be prompted to set the security you want in place.
+Avoid "open" or "WEP". If you have equipment which only works on WEP, upgrade it, because WEP is no longer effective and can be trivially broken. If you do not have equipment which only works on WEP, make a plan to move to WPA very soon.
+For a small firm, "WPA Personal" is easy to administer, but you will need to [[#Have a means of preventing former staff from connecting to your network|change the Wi-Fi password when someone leaves]], to prevent them from connecting to your network.
+For larger organisations, "WPA Enterprise" is more likely to be suitable, but it requires a higher degree of IT knowledge to set it up.
 ====Change all default passwords ====
@@ Line 16: / Line 30: @@
 ====Disable access from the Internet ====
-Unless you specifically need it (in which case, set it up securely), disable access to you Wi-Fi equipment / router from the Internet.
+Unless you specifically need it (in which case, set it up securely), disable access to you Wi-Fi equipment / router from the Internet. This means both the administrative interface, and the devices themselves - if you do need to have remote access, plan it carefully, and lock it down (e.g. to specific IP addresses, lock out IP addresses if they get the username/password wrong more than a few times, add [[two-factor_authentication|multi-factor authentication]]).
+====Use a firewall ====
+Firewalls are devices (or software applications) which control what traffic is allowed to move between networks according to rules you set — for example, between the Internet and your office network.
+Most consumer-grade routers do not have a firewall, and rely instead on something called "network address translation". While this can have an effect a bit like a firewall, consider investing in a router with proper fireballing software. Pay someone to set it up securely for you, if you are not confident doing it yourself.
+For example, a [[https://www.firebrick.co.uk/fb2900/|FireBrick]] is an affordable, versatile network applicable, which incorporates a firewall, and a tool for checking your firewall rules.
 ==== Make sure someone in the firm has the admin usernames and passwords, or admin access ====