Skip to content

DA7. Wired vs Wireless LAN Security

Statement

Security measures are a major consideration while planning any network. Compare security needs in “wired” Local Area Networks (LAN) and wireless LAN networks. Which network type do you think requires more stringent security measures?

Answer

Network security is of increasing value as our usage of networks grows and the number of cyber-attacks increases. Wired and wireless Local Area Networks (LANs) have different security needs, with wired LANs considered more secure because the attacker needs to physically connect to the network to launch an attack.

The Wired LAN is usually more secure as it is not accessible outside of the building or the premises where it is installed. Below are some security measures that can be implemented to secure wired LANs (Bialy, 2022):

  • physical security is the first line of defense for wired LANs; no authorized access to the building where each room also needs access control (lock that opens with cards or biometrics), clearly written procedures about the followed practices, and extra security around the main network devices like switches, routers, and patch panels.
  • Segmentation is a good solution where the building and the network are divided into logically isolated zones that have clear boundaries between them, thus, an attacker can only damage a limited area and not the entire network.
  • Micro-segmentation is another solution that involves using security groups to further segment each segment in a network.
  • Guest Access is also a good solution that allows buildings to still give internet access to guests while limiting their access to the network by using specific ports for guests, and these ports have limited access to the network.

The Wireless LAN is more vulnerable as its nature must support flexibility and mobility for the connecting devices. The solutions to secure Wireless LANs include (Cisco, n.d.):

  • Changing the default password of the router.
  • Using MAC access filtering where the MAC unique ID of the device is used to identify the device and decide giving or deny access to the network.
  • All traffic must be encrypted using a good end-to-end encryption protocol such as WPA2 or WPA3.
  • Use a VPN to connect to the network through a secure tunnel and encrypted identity.
  • Use a firewall to filter the incoming and outgoing traffic and block any malicious traffic.

To conclude, no network is fully secure, even the ones that are disconnected from the internet; the lesson here is to consider all networks as vulnerable by default and to take all necessary precautions to secure them, regardless of the network type (wired or wireless), and even if the attack seems highly unlikely (Castaneda, 2008).

References