In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers ), mail servers, routers [ROUTERS] and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.
A wireless network may have different physical bands depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that this network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measurers.
Below are the most common protection measures for wireless networks:
- Wireless security mode: It is recommended to use WPA2 (Wifi Protected Access 2) protection which has two possible applications. PSK (Pre-Shared-Key) is set easily, by setting a password [PASWWORD] , while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial In User Server) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers [ROUTERS] also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
- MAC filtering: MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and download some of the associated addresses for their device;
- Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
- Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, where everyone will have their own cable that connects directly to the internet.