Wireless networks can be extremely useful. They allow employees to be mobile, and thus get access to data without being tied in front of their computer screens. However, wireless networks can also be a source of trouble.
Some hackers will try to get access to sensitive information by sniffing your company's Wi-Fi data packets. And sometimes, they don't even have to be near the company premises! It is quite easy to utilize a few dedicated applications that are able to run on autopilot, and then use a laptop (and sometimes even a modern smartphone) which will connect to the target Wi-Fi network on its own, and then start collecting user names and passwords.
Wireless security has always been a hot topic. The first protocol (WEP, Wired Equivalent Privacy) has proven to be very weak, because the encryption key can be recovered through packet eavesdropping within minutes. The next Wi-Fi encryption protocol, WPA, has tightened packet security by scrambling the data encryption keys. Still, since some of the security mechanisms were based on portions of the vulnerable WEP, Wi-Fi Protected Access was flawed as well.
Things started to look much better when WPA2 was introduced. It utilizes the much more secure AES (Advanced Encryption Standard) encryption algorithm, using dynamic encryption keys. WPA2 can work in PSK (Pre-Shared Key) and Enterprise mode, our preferred solution.
The system uses a RADIUS authentication server; we can use either a Windows server, or FreeRADIUS, an open source project that can run under Windows, Linux and Mac OS X. To maximize security, we recommend using a local server; the price for a good one that can work with FreeRADIUS starts at under $1,000.
We can also use a third-party, cloud-based RADIUS provider, of course. Since the encryption keys will not be stored locally, your network will be safe even if one of the clients that has access to it gets lost, or is stolen. Additionally, coworkers will not be able to peek at other people's network traffic.