This week Joe Carlucci, technical manager at 3Com, offers the top 10 tips for ensuring your wireless network is safe from hackers.
Security is essential if you are to get the most out of wireless technology. Despite the hype, it is perfectly possible to have secure wireless computing, but there are some common mistakes to avoid.
This top 10 list of tips will help you to make your wireless environment more secure.
1. Put the access point in the right place
Start with the basics: within your network configuration, ensure wireless access points are outside your perimeter firewall.
2. Use MAC to stop a hack
Using Media Access Control (MAC) address-based access control lists will allow only registered devices to access the network. Although it can be spoofed, MAC address filtering is like adding another lock to your front door - the more obstacles you present, the more likely hackers will be encouraged to move on to less secure organisations.
3. Manage your wireless network ID
All wireless local area networks (Lans) come with a default service set identifier (SSID) or network name. Change it immediately to an alphanumeric name. If your organisation can handle the administrative work, change your SSID regularly.
Meanwhile, disable the automatic SSID broadcast feature, to avoid doing the equivalent of walking around with the network name written on your forehead.
4. Wep
Wired Equivalent Privacy (Wep) is the standard 802.11b wireless security protocol. It is designed to provide wired-like protection by encrypting wireless data as it is transmitted.
Simply put, enable it, and then immediately change the Wep key from the default. Ideally, have your Wep keys generated dynamically when a user logs on, to make access to wireless data a moving target for hackers.
Session-based and user-based Wep keys offer the best protection and add another layer of deterrence.
5. But Wep is not foolproof
Take care not to put all your encrypted eggs into the Wep basket. Many network administrators have learned the hard way that Wep is just one security layer of many and should not be relied on as the sole security measure, despite its role as the pre-eminent encryption mechanism.
Look into Wi-Fi Protected Access (WPA) and its future.
6. VPN is one of the best security mechanisms to have
If each security option is like another locked entrance that hackers must penetrate, then changing SSIDs, enabling MAC address filtering, employing dynamic Wep key generation and then adding a virtual private network (VPN) is like creating a bank vault door.
VPNs offer a higher layer of security (Layer 3) than Wep, and allow a secure end-to-end tunnel between user and network.
7. Make use of existing Radius servers
Remote users of larger companies are often authenticated to use the network through a remote authentication dial-in user service (Radius) server. IT managers can integrate wireless Lans into the existing Radius infrastructure to manage users more simply.
Radius not only enables wireless authentication, but ensures that wireless users go through the same authorisation and accounting approvals as remote users.
8. Simplify your security: integrate wireless and wired policies
Wireless security is not a separate network infrastructure requiring different procedures and protocols. Develop a security policy that combines both wired and wireless security to ensure management and cost advantages.
For example, integrate a single user ID and password requirement for all users, whether they are accessing the network through your wired or wireless infrastructure.
9. Not all wireless Lans are created equal
While 802.11b is a standard protocol and all equipment bearing the Wi-Fi trademark will operate with the same base functionality, not all wireless equipment is created equal. Many manufacturers' equipment does not include enhanced security features.
10. Do not allow just anyone to set up the network
Wireless Lan set-up is now so simple that non-technical staff are installing their own wireless routers or access points in their office departments with little thought for security.
Regularly scan the network with intrusion detection tools to root out rogue networks that give hackers potentially vulnerable entry points. Create a policy that restricts wireless Lans from being established without formal systems administration approval and deployment.
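One way to act on the results of such a scan, shown as an added example that is not part of the original article: the script checks a wireless survey against an inventory of approved access points and flags unapproved devices, factory-default SSIDs (tip 3) and disabled encryption (tip 4). The CSV layout, the inventory, the network names and the short default-SSID list are all constructed for illustration.

```python
import csv
import io

# Constructed inventory of sanctioned access points (BSSID -> SSID).
APPROVED_APS = {
    "00:11:22:33:44:01": "corp-wlan-7f3k",
    "00:11:22:33:44:02": "corp-wlan-7f3k",
}
# Illustrative factory-default network names; extend for your own vendors.
DEFAULT_SSIDS = {"linksys", "netgear", "default"}

# Constructed survey results, one AP per line: bssid,ssid,encryption,channel
SAMPLE_SCAN = """\
00:11:22:33:44:01,corp-wlan-7f3k,WEP,1
00:11:22:33:44:02,corp-wlan-7f3k,NONE,6
02:AA:BB:CC:DD:10,linksys,NONE,11
02:AA:BB:CC:DD:11,corp-wlan-7f3k,WEP,6
"""

def audit_scan(scan_csv, approved=APPROVED_APS, defaults=DEFAULT_SSIDS):
    """Return (bssid, ssid, [findings]) for every AP that needs follow-up."""
    approved = {b.lower(): s for b, s in approved.items()}
    approved_ssids = set(approved.values())
    report = []
    for row in csv.reader(io.StringIO(scan_csv)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        bssid, ssid, enc, _channel = (field.strip() for field in row)
        bssid = bssid.lower()
        findings = []
        if bssid not in approved:
            findings.append("unapproved access point")
            if ssid in approved_ssids:
                findings.append("uses a sanctioned SSID (possible impersonation)")
        elif approved[bssid] != ssid:
            findings.append("SSID differs from inventory")
        if ssid.lower() in defaults:
            findings.append("factory-default SSID")
        if enc.upper() == "NONE":
            findings.append("encryption disabled")
        if findings:
            report.append((bssid, ssid, findings))
    return report

if __name__ == "__main__":
    for bssid, ssid, findings in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}  {ssid!r}: " + "; ".join(findings))
```

Because MAC addresses can be spoofed, as tip 2 notes, a match against the inventory only shows that an access point claims an approved address; a physical check is still needed to confirm it.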
