Wireless Networks are Cheap and Easy to Install, BUT…

Wireless Local Area Networks (LANs) are cheap, easy and quick to install. Gone are the days when you needed to hire cabling specialists to run a web of cabling and make holes in your freshly painted walls. Gone also are the miles of tape and twisted ankles associated with running wires across hallways and aisles. For general networking applications in small to medium businesses, wireless LANs are a great choice to get connected.

BUT…! With ease and speed of deployment come major security issues that can turn your wireless network into a hacker's free ride on your business' Internet connection. Or worse still, expose your sensitive financial information to anyone walking by your office.

What most people don't realise is that virtually all security features in wireless equipment are, by default, turned off to make installation “quick and easy”. You need to take further steps to ensure that you are adequately protected. In this article you will learn some Basic and Advanced levels of security optimisations that will secure your wireless LAN.

Basic Security Optimisations

The following are the minimum security settings you should configure on your wireless equipment. NEVER use your wireless network in a live environment using the manufacturer's default settings!

Change the default Service Set Identifier (SSID). The SSID is a unique name for your wireless network and is used by your workstations and laptops to connect to it. Equipment vendors ship their equipment with easy-to-remember preset SSIDs. Hackers know that if they find a wireless network with a preset SSID it may be unsecured. When changing the SSID, stay away from easy or obvious names such as the name of your company or address. Make the SSID a complex string of characters, including letters and numbers. The more complex the SSID, the harder it will be for a hacker to connect to your LAN.
Disable the “broadcast” of the SSID. By default, wireless equipment broadcasts its SSID (just like a TV or radio station). This makes it easier for workstations and laptops to connect. You want to make it as hard as possible for hackers to connect to your wireless network. Stopping the broadcasting puts your wireless LAN into “stealth mode”.

Set up MAC Address Authentication. Every network adapter has a globally unique number assigned to it. This is called a MAC address. Configure your access points so they allow only workstations or laptops with specific MAC addresses to access the network. By doing this, only those network adapters will be permitted to connect to the access point. All other adapters will be refused a connection.

Enable the highest level of Wireless Encryption Protocol (WEP) that ships with your equipment. WEP is a protocol that scrambles and unscrambles the data between your workstation or laptop and the wireless access point. This makes it difficult for hackers to “read” the information travelling on your network. Use a minimum of 128 bit encryption, or select the maximum that your equipment supports.

Advanced Security Optimisations

Place access points on separate networks and put a firewall between those networks and the main corporate network. This provides enhanced control of traffic to different areas of your network from each access point.

Implement a Virtual Private Network (VPN) over your wireless LAN. This technology makes it possible for users to communicate securely over a VPN tunnel between the workstation or laptop and the wireless access point. VPNs make use of strong encryption and authentication as ways of hiding information about your wireless LAN from potential hackers. This solution typically requires a separate VPN server.

Educate your staff about the security risks of wireless technology, then create and enforce a wireless security policy.
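An added example, not part of the original article: a small Python check that audits an access point's settings against the four basic optimisations listed above, treating any missing setting as the insecure default. The key=value export format and its key names are hypothetical, and the preset SSID list is illustrative rather than exhaustive.

```python
import re

# Factory-preset SSIDs of the kind the article warns about (illustrative, not exhaustive).
PRESET_SSIDS = {"default", "linksys", "netgear", "wireless", "tsunami"}

# Constructed sample in a hypothetical key=value export format; no real vendor uses these keys.
SAMPLE_CONFIG = """\
ssid=linksys
ssid_broadcast=on
mac_filter=off
mac_allow=
wep_bits=64
"""

def parse_config(text):
    """Parse key=value lines into a dict, ignoring blanks and # comments."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip().lower()] = value.strip()
    return cfg

def audit(cfg, company_words=()):
    """Return a list of findings, one per basic setting left weak."""
    findings = []
    ssid = cfg.get("ssid", "")
    if ssid.lower() in PRESET_SSIDS or not ssid:
        findings.append("ssid: factory preset or empty")
    elif any(w.lower() in ssid.lower() for w in company_words):
        findings.append("ssid: contains company name or address")
    elif not (re.search(r"[A-Za-z]", ssid) and re.search(r"\d", ssid)):
        findings.append("ssid: should mix letters and numbers")
    if cfg.get("ssid_broadcast", "on").lower() != "off":
        findings.append("ssid_broadcast: still enabled")
    allow = [m for m in cfg.get("mac_allow", "").split(",") if m.strip()]
    if cfg.get("mac_filter", "off").lower() != "on" or not allow:
        findings.append("mac_filter: disabled or allow list empty")
    bad = [m for m in allow if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}", m.strip())]
    if bad:
        findings.append("mac_allow: malformed address " + bad[0].strip())
    bits = cfg.get("wep_bits", "0")
    if not bits.isdigit() or int(bits) < 128:
        findings.append("wep_bits: below the 128-bit minimum")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG), company_words=["newpath"]):
        print("FAIL", finding)
```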
In Conclusion

For home and small-medium businesses, the basic security optimisations are essential and can be implemented without any additional cost. Almost all wireless equipment supports this level of security; however, it is not enabled by default.

For medium-enterprise businesses, the basic optimisations plus a VPN solution is the preferred choice. These solutions typically support centrally managed administration for large numbers of users as well as ease of deployment and control. VPN technology ensures that your network is strictly limited to users who have specifically been allowed access.

Of course, there are many more features you can add to your wireless LAN to make it even more secure (such as intrusion detection systems and application-level security systems). However, implementing at least the basic security optimisations will keep you largely out of trouble. If you have the budget, consider some of the advanced options.

If you are interested in discovering if your existing wireless solution is secure, or if wireless technology is suitable for your business, please contact us for a no obligation, free assessment.

Newpath IT – Business Powered Technology.

© Copyright 2004. Newpath IT Pty Ltd. All rights reserved.