WiFi access control authenticates and authorizes devices and users before providing access to the network.
WiFi access controls do not exist in public hot spots such as hotels and Starbucks. As a result, many users may be unaware that using these hotspots means that they are sending their data "in the clear" – making their data accessible to anyone within range. In addition, insecure use of WiFi hotspots permits man-in-the-middle attacks of web traffic.
Many WiFi access points still use insecure protocols such as WEP and WPS.
Network 2020 strongly recommends using WPA2-802.1X WiFi access controls within the corporate network. Even better is to require SSL or IPsec for all communications over WiFi.
For home WiFi access points, employees should be required to use WPA2-PSK security with at least a 13-character password and an SSID not listed in the top 1000 names to mitigate rainbow attacks (the SSID is a salt for the password).
In addition, all users should avoid unencrypted public hotspots. If use of a public location cannot be avoided, users should create an IPsec or SSL VPN back to the corporate network immediately after connecting to the hotspot and disable split tunneling so that all traffic goes through the VPN tunnel.
PC users may want to use AirDefense to help detect erroneous WiFi agent configurations and mitigate some malicious threats.