If you've ever Googled "Wi-Fi security," you probably have the basics down: don't use WEP, use WPA or WPA2; disable SSID broadcasting; change default settings. If you're looking for more advanced security tips for your WLAN, consider the following five tips for bringing enterprise-level protection to even the smallest of networks.

#1 Move to enterprise encryption

If you created a WPA or WPA2 encryption key of any type and must enter it when connecting to the wireless network, you are only using the Personal or Pre-shared key (PSK) mode of Wi-Fi Protected Access (WPA). Business networks--no matter how small or big--should be protected with the Enterprise mode, which adds 802.1X/EAP authentication to the wireless connection process. Instead of entering the encryption key on all the computers, users log in with a username and password. The encryption keys are derived securely in the background and are unique for each user and session.

This method provides central management and overall better Wi-Fi security.

Instead of loading the encryption keys onto computers where employees and other users can recover them, each user logs into the network with their own account when using the Enterprise mode. You can easily change or revoke access when needed. This is especially useful when employees leave the company or a laptop is stolen. If you're using the Personal mode, you'd have to manually change the encryption keys on all the computers and access points (APs).

The special ingredient of the Enterprise mode is a RADIUS/AAA server. The server communicates with the APs on the network and consults the user database. Consider using the Internet Authentication Service (IAS) of Windows Server 2003 or the Network Policy Server (NPS) of Windows Server 2008. If you want to go vendor-neutral, try the popular open source server, FreeRADIUS. If you find setting up an authentication server requires more money and/or expertise than you have, consider using an outsourced service.

#2 Verify physical security

Wireless security isn't all technical. You can have the best Wi-Fi encryption and still have someone plug into an Ethernet port that's in plain sight. Or someone could come by and hold in the reset button of an access point, restoring it to factory defaults and leaving your network wide open.

Make sure all your APs are well out of the reach of the public and out of sight from employees, too. Instead of sitting an AP on a desk, mount it on the wall or ceiling--better yet, put it above a false ceiling.

You might consider mounting the APs out of sight and installing external antennas where you'll get the most signal. This will let you confine the AP even more while taking advantage of the increased range and performance of an aftermarket or higher gain antenna.

APs aren't the only piece of equipment to be worried about. All networking components should be secured. This even includes Ethernet cabling. Though it might be a little farfetched to some, a determined hacker could cut an Ethernet cable to tap into the line.

Along with mounting, you should keep track of the APs. Create a spreadsheet logging the AP models used along with the MAC and IP addresses. Also note where each AP is located. This way you know exactly where the APs should be when performing inventory checks or when tracking down a problem AP.

#3 Set up an intrusion detection/prevention system (IDS/IPS)

These systems usually consist of a software program that uses your wireless adapter to sniff the Wi-Fi signals for problems. They detect rogue APs, whether a new AP is introduced to the network or an existing one is reset to defaults or doesn't match a set of standards you've defined.

These systems also analyze the network packets to see if someone might be using a hacking or jamming technique.

There are many different intrusion detection and prevention systems out there that use a variety of techniques. Open source or free options include Kismet and Snort. Commercial products are also available from vendors, such as AirMagnet, AirDefense, and AirTight.
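The rogue-AP check described above can be sketched by comparing a wireless scan against the AP inventory from tip #2. This is an added example, not code from the article or from any of the products named; the CSV columns, the sample scan, and the assumption that the inventory records each AP's radio MAC (BSSID) and expected SSID/security mode are all constructed for illustration.

```python
import csv
import io

# Constructed AP inventory (the spreadsheet from tip #2) with expected settings per AP.
INVENTORY_CSV = """bssid,model,ip,location,ssid,security
00:00:5e:00:53:01,ExampleAP-100,192.0.2.11,Lobby ceiling,CorpNet,WPA2-Enterprise
00:00:5e:00:53:02,ExampleAP-100,192.0.2.12,2nd floor east,CorpNet,WPA2-Enterprise
00:00:5e:00:53:03,ExampleAP-100,192.0.2.13,Warehouse,CorpNet,WPA2-Enterprise
"""

# Constructed scan results: (bssid, ssid, security) as a survey tool might report them.
SCAN = [
    ("00:00:5E:00:53:01", "CorpNet", "WPA2-Enterprise"),  # matches inventory
    ("00:00:5E:00:53:02", "ExampleAP", "Open"),           # looks reset to factory defaults
    ("02:00:00:00:00:01", "CorpNet", "WPA2-PSK"),         # not in inventory, uses our SSID
    ("02:00:00:00:00:02", "CoffeeShop", "WPA2-PSK"),      # neighbouring network
]


def load_inventory(text):
    """Index inventory rows by lower-cased BSSID (the AP's radio MAC)."""
    return {row["bssid"].lower(): row for row in csv.DictReader(io.StringIO(text))}


def audit(inventory, scan):
    """Return sorted (kind, bssid, detail) findings for one scan."""
    findings, seen = [], set()
    our_ssids = {ap["ssid"] for ap in inventory.values()}
    for bssid, ssid, security in scan:
        bssid = bssid.lower()
        expected = inventory.get(bssid)
        if expected is None:
            # Unknown radios are flagged only when they advertise one of our SSIDs.
            if ssid in our_ssids:
                findings.append(("rogue", bssid, f"unlisted AP advertising {ssid}"))
            continue
        seen.add(bssid)
        if (ssid, security) != (expected["ssid"], expected["security"]):
            findings.append(("drift", bssid,
                             f"{expected['location']}: saw {ssid}/{security}"))
    # Inventoried APs that never appeared may be unplugged, moved or failed.
    for bssid in inventory.keys() - seen:
        findings.append(("missing", bssid, inventory[bssid]["location"]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(load_inventory(INVENTORY_CSV), SCAN):
        print(*finding, sep="\t")
```

An over-the-air comparison like this only sees what the scanning adapter can hear, and it will not notice an unlisted AP that uses a different SSID.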

Article courtesy of Datamation.