Wi-Fi network security is critical to every installation. Learn more about issues facing network installers and industry recommendations for securing network endpoints.
According to the recently released Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure report, adoption of cloud-managed wireless networks will double from 2018 to 2023. This means more Wi-Fi access points will be managed remotely from a central location. With Wi-Fi becoming foundational to business operations, protecting the integrity of the Wi-Fi infrastructure is paramount but will become more difficult with APs deployed at disparate physical locations. With high-density Wi-Fi deployments prevailing across remote facilities, the cost of endpoint management becomes a significant concern, especially if the endpoint is removed or damaged.
A well-executed and properly deployed wireless network is as electronically secure as a wired network. Most enterprise access points do not store encryption or other security information locally, so the network cannot be compromised if an access point is stolen. The access points themselves also typically have little value to thieves, as they cannot be used without a controller or cloud subscription. However, there are some factors to consider when planning for the physical deployment and security of access points:
- The Wi-Fi network is mission-critical. Access points which have been disconnected, vandalized, removed, relocated, or otherwise disabled create a disruption in the network.
- If APs are not properly protected, an intruder or visitor can reset some APs to factory defaults and clear the security settings of the AP.
- If the port to which the AP is connected is not secured, visitors or intruders can plug into that port. Just as a wiring closet or telecom room is secured, APs and their associated ports should be secured.
- If APs and their respective ports are readily accessible and not secured, unauthorized rogue APs can be connected to the port.
Industry Recommendations
Due to the sensitivity of information transported over wired and Wi-Fi networks, various industry groups have established requirements for securing information and endpoints (APs and ports).
- U.S. Federal Government – Directive 8100.2 mandates FIPS 140-2 compliance, wherein FIPS 140-2 paragraph 4.5 requires “physical security mechanisms” to be applied to wireless networks.
- Retail and other credit card accepting locations – The Payment Card Industry Data Security Standard (PCI-DSS) requirement 9.1.3 states that the operator must “Restrict physical access to wireless access points, gateways, and handheld devices.”
- Healthcare – The TIA-1179 Healthcare Facility Telecommunications Cabling Standard specifies that, due to the life- and mission-critical nature of the network, additional precautions shall be taken to secure telecommunications components.
- Hospitals – HIPAA paragraph 164.310, Physical safeguards, states: “A covered entity must, in accordance with 164.306: (a)(1) Standard: Facility access controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.”
Is a lock required?
Some facilities may require the access point to be locked in place. Oberon offers suspended ceiling, recessed hard wall and ceiling, and surface-mounted hard wall and ceiling locking enclosures and mounts. These products are "keyed alike" to simplify key management. In other cases, it may be adequate to provide a deterrent to access point and port tampering by recessing the AP into a ceiling or inside an enclosure which conceals the AP and port.
Oberon Model 1047 suspended ceiling AP enclosure with locking door
Oberon Model 1076 hard ceiling AP recess mount enclosure with locking door
Oberon Model 1040 suspended ceiling AP recess mount