2

What are the security risks associated with installing a Wi-Fi (802.11) network in-comparison to a wired network for internet connection?

Oliver Kuchies
  • 141
  • 5
  • You need to give us more details : Public access to internet like in airport or with a known list of people ? Only Internet, no lan or servers ? only in private areas or public areas ? Is there external/hostile areas ? Is there already wifi for other uses ? .... Security is more than the mean and must be understood as a complete end to end thought. – Antoine Rodriguez May 30 '16 at 10:06
  • Just Wi-Fi in general. Doesn't matter where it is. I'm talking about the Wi-Fi technology in comparison to simple cabling. – Oliver Kuchies May 30 '16 at 10:10
  • It does matter. For instance : A knife is not secure ... It does not mean that you doesn't need it and the risks depends on how you use it... In your subject and conditions : any risk can be explained and justified in both worlds at the same time ... for instance in the Bubble Hacker answer in the bad list : a wire can be outside a building or in a public area and being tapped ... so you can fear being hacked remotely. Security is not absolute ... – Antoine Rodriguez May 30 '16 at 10:46
  • 1
    Possible duplicate of [If someone hacks my wi-fi password, what can they see and how?](http://security.stackexchange.com/questions/30261/if-someone-hacks-my-wi-fi-password-what-can-they-see-and-how) – Stephane May 31 '16 at 07:38

3 Answers3

3

This kind of depends on how strong you want your network security policy to be.

Lets point out the main good and bad things about a WiFi network:

Good:

  • Convenient for the office workers to work from anywhere in the office
  • No need for cables and switches (This saves money and time)
  • Keep better track of your users and have more control straight from the AP control panel

Bad:

  • Using cables a hacker will have to come into your office and plug his hacking device into the network while on WiFi he can do this from standing a few meters away from your office or maybe even on a different floor.

  • Can be easy hackable or social engineered since people do not understand how important a WiFi password can be.

  • On a WiFi it is very hard to set up vlans and so if all devices are connected to the same AP an attacker can find all of them and preform attacks on each node.

In conclusion:

While WiFi might be a good solution for the IT team, security wise, having a WiFi network that is poorly configured(Which is the usual case) is a bad idea if it is not necessary and should be avoided.

Bubble Hacker
  • 3,615
  • 1
  • 11
  • 20
  • WiFi doesn't eliminate the need for cabling and switches. The WAPs are still connected, with cables, to switches. You just don't need a wired drop to every endpoint. It usually saves money, but anyone who's ever had to troubleshoot wireless can tell you it's not usually a time-saver, at least in the long run (and a thorough wireless survey can easily cost as much as wiring an office up for Ethernet, so there's that too). – HopelessN00b May 30 '16 at 07:00
0

When visitors (or clients or providers) come in your office, they are unlikely to plug their computers in an ethernet socket. But they can easily (even inadvertantly) connect their smartphone to an open WiFi.

If they regurlarly come, and if the WiFi is only protected by a simple password, they will soon know it because of social engineering.

Once that's identified, you must decide whether you want a private WiFi network and use security tools (PKI, MAC address control, ...) or just an open WiFi that visitors can use. In the former case, all connected equipments are seen as local network members, in the latter, you must considere the WiFi network like an external one and use same firewalling like you do on your internet connection.

Serge Ballesta
  • 25,636
  • 4
  • 42
  • 84
-1

If you are using a WiFi network with WPA2 encryption (which is standard nowdays), and a password of reasonable length/complexity, it is VERY hard to crack and could be considered secure, at least from a technical standpoint. Naturally people are the weak link in every system. It may be possible to coax the password out of a connected member. There should be sensible forms of segregation between different networks (public wifi in lobby, private wifi for employees, etc.), so that in the case of a breach, mobility in the network is hindered.

Adi
  • 1
  • 1