'Tis the season for new and cool 802.11 enabled gadgets. Whether you have house guests jumping on your network with laptops, iPads, and smart phones, or employees showing up at work with their newly acquired Wi-Fi capable iPhones, tablets, and MacBooks -- here are some best practices to help keep your networks safe and secure.
First, as my friend and fellow Computerworld blogger Darragh Delaney wrote, make sure that these devices are patched and running the correct software versions. I won't go into detail on this point because Darragh did such a great job, but at work this should be pretty easy to police. At home? Well, my vote is to enforce it there as well. Yes, it'll make you seem even geekier to your friends and family, but that's a good thing, right?
When it comes to protecting corporate or "work" networks from personally owned wireless devices, some organizations use the "just say no" policy. Some of my friends run networks for the United States Department of Defense (DoD) and this is usually their policy. However, for many of us, this isn't an option. In these cases, best practice is to establish a "guest" wireless network and allow personally owned Wi-Fi devices access to only this network. The guest network should have Internet access (though you may want to throttle it) but should be blocked by a firewall from accessing your corporate LANs.
Traffic from this network to your corporate network should be scrutinized as any other inbound, off-network traffic would. Additionally, be sure to lock down the peer-to-peer or LAN connectivity within the wireless network. Even though these are non-company assets accessing a guest network, if your boss's new tablet catches some sort of virus from the smart phone that the new guy in accounting brought in, you may just find yourself trying to resolve the issue.
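To check that a guest policy really does what the two paragraphs above describe, here is an added example (not from the original post) that audits a first-match rule table for the three properties: no path to the corporate LAN, no guest-to-guest traffic, and working Internet access. The subnets, the rule format and the function names are assumptions made for illustration, and the table is assumed to model the combined firewall and access-point isolation policy.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
GUEST = ipaddress.ip_network("192.168.50.0/24")
CORP = [ipaddress.ip_network("10.0.0.0/8")]
INTERNET_PROBE = "203.0.113.10"  # documentation address standing in for an Internet host

def decide(rules, src, dst, default="deny"):
    """Return the action of the first rule matching src -> dst (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return default

def audit_guest_policy(rules):
    """Probe representative addresses; return a list of policy violations."""
    hosts = list(GUEST.hosts())
    a, b = str(hosts[0]), str(hosts[-1])
    findings = []
    for corp in CORP:
        target = str(next(iter(corp.hosts())))
        if decide(rules, a, target) != "deny":
            findings.append(f"guest can reach corporate LAN {corp}")
    if decide(rules, a, b) != "deny":
        findings.append("guest clients can reach each other")
    if decide(rules, a, INTERNET_PROBE) != "allow":
        findings.append("guest has no Internet access")
    return findings

# Weak: one blanket allow for the guest subnet.
WEAK = [("allow", "192.168.50.0/24", "0.0.0.0/0")]

# Misordered: the denies exist but sit below the blanket allow, so they never match.
MISORDERED = WEAK + [
    ("deny", "192.168.50.0/24", "10.0.0.0/8"),
    ("deny", "192.168.50.0/24", "192.168.50.0/24"),
]

# Hardened: denies first, then Internet access.
HARDENED = [
    ("deny", "192.168.50.0/24", "10.0.0.0/8"),
    ("deny", "192.168.50.0/24", "192.168.50.0/24"),
    ("allow", "192.168.50.0/24", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, rules in [("weak", WEAK), ("misordered", MISORDERED), ("hardened", HARDENED)]:
        print(name, audit_guest_policy(rules) or "OK")
```

The audit probes sample addresses rather than proving the policy for every host, so treat a clean result as a quick regression check after rule changes, not as a full verification.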
At home you have a little more control over whether or not to allow guests and their new, Random Array of Personal Wireless Devices (RAPWD - yeah, I just made that up) to access your 802.11 network. Personally, when I'm visiting someone and they won't allow me to access their wireless network I consider it on par with not allowing me to access their bathroom. One will most likely result in their shrubs dying, and the other will most likely result in all of the passwords on their wireless devices changing to "bite me" written in hex or binary, depending on how upset I really am.
My recommendation is to allow your guests access to your home network. Make it easy -- hand out little printed cards with the SSID and password, your mailing address, and any other info that may be helpful. However, as Darragh mentioned, make sure these devices are patched. I also recommend having a guest network at home. Chances are that your 802.11 router at home doesn't support a guest network option, but picking up a second Wi-Fi router and configuring it as a guest network in your DMZ is cheap and easy.
If you're like me, you're the geekiest person in the family and you may even be the one gifting people with new wireless devices. If you're doing this and you're not willing to cough up network access - well, you're a mean one, Mr. Grinch.
Flame on...
Josh
Josh Stephens is Head Geek and VP of Technology at SolarWinds, an IT management software company based in Austin, Texas. He shares network management best practices on SolarWinds GeekSpeak and thwack. Follow Josh on Twitter @sw_headgeek and SolarWinds @solarwinds_inc.