Securing Your Wireless Network
 
Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.

As the name suggests, wireless networks, colloquially called Wi-Fi, allow you to connect to the Internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the Internet. A transmitter, known as a wireless access point or gateway, is wired into an Internet connection. This provides a ‘hotspot’ that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allows computers to locate them.

Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

Because wireless networks do not require a wire between a computer and the Internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location.

This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

If your wireless LAN is located in a single family home, then you are probably more at risk from intruders coming in via your Internet connection than from people gaining access to your LAN over the air. But if your LAN has some means of wireless connectivity, you’ve added another way to access your LAN that doesn’t require getting past your router’s firewall and doesn’t even require physical access. So what can you do to minimise the risks to your wireless network?

Change default passwords: Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don’t provide any protection. Changing default passwords makes it harder for attackers to take control of the device.

Restrict access: Only allow authorised users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.

Encrypt data on your network: WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data. Some products allow you to separately set the Authentication method to ‘Shared Key’ or ‘Open System’. Use the ‘Shared Key’ method so that encryption is used to both authenticate your client and encrypt its data. Look for and use products that support 128-bit WEP. Prices have come down on 802.11b equipment so there’s no need to buy something that doesn’t support 128-bit WEP.

Use non-obvious WEP keys and periodically change them: The limitations of some wireless client utilities don’t help (hexadecimal-only support, single keys, forgetting keys, etc.), but don’t make it easy for potential snoops to get onto your LAN by using simple keys like 123456, all ones, etc. Changing the keys periodically is more difficult, because it requires sending out information about the new keys to users and that can be a security problem in itself. But changing keys periodically can help keep your LAN secure, so consider getting a procedure into place to do it.
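The advice on non-obvious keys can be checked mechanically. The following is an added example, not part of the original article: a Python sketch that flags obvious hexadecimal WEP keys and generates a random replacement. The function names are hypothetical; the lengths assume the usual hexadecimal entry format (10 hex digits for 64-bit WEP, 26 for 128-bit WEP), and a key that passes is still subject to the WEP weaknesses the article mentions.

```python
import secrets
import string

# Assumption: keys are entered in hexadecimal. 64-bit WEP carries a 40-bit
# secret (10 hex digits); 128-bit WEP carries a 104-bit secret (26 hex digits).
WEP_HEX_LENGTHS = {10: "64-bit WEP", 26: "128-bit WEP"}

# Counting runs an administrator might type, long enough to cover 26 digits.
OBVIOUS_RUNS = ("0123456789abcdef" * 3, "0123456789" * 3)


def weak_key_reasons(key: str) -> list[str]:
    """Return why a hex WEP key is obvious; an empty list means no flag raised."""
    k = key.replace(":", "").replace("-", "").lower()
    if not k or any(c not in string.hexdigits for c in k):
        return ["not a hexadecimal key"]
    reasons = []
    if len(k) not in WEP_HEX_LENGTHS:
        reasons.append(f"length {len(k)} is not 10 or 26 hex digits")
    # Keys built by repeating a short block: all ones, "abab...", and so on.
    for size in range(1, len(k) // 2 + 1):
        if len(k) % size == 0 and k == k[:size] * (len(k) // size):
            reasons.append(f"repeats the {size}-digit block '{k[:size]}'")
            break
    # Keys that simply count up or down, such as 123456 or fedcba.
    if any(k in run or k[::-1] in run for run in OBVIOUS_RUNS):
        reasons.append("ascending or descending digit sequence")
    return reasons


def generate_wep_key(hex_digits: int = 26) -> str:
    """Generate a random hex key from the operating system's CSPRNG."""
    if hex_digits not in WEP_HEX_LENGTHS:
        raise ValueError("hex_digits must be 10 or 26")
    return secrets.token_hex(hex_digits // 2)


if __name__ == "__main__":
    # Constructed sample keys, including the article's "123456" and all ones.
    for sample in ("123456", "11:11:11:11:11", "1234567890", "3f9a1c07be"):
        print(sample, "->", weak_key_reasons(sample) or "no obvious pattern")
    print("new 128-bit WEP key:", generate_wep_key())
```
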

Don’t use TCP/IP for file and printer sharing: Access points are usually installed on your LAN, behind any router or firewall you may be using. If someone successfully connects to your access point, they’ll be on your LAN, just like any of your other clients. But since they’ll be using TCP/IP to make the connection, you can easily deny access to MS File and Printer sharing by using a protocol other than TCP/IP for those services. That way, they may get access to your Internet connection, but they won’t get access to your files.

Protect your SSID: Short for service set identifier, SSID is a 32-character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect. The SSID differentiates one WLAN from another, so all access points and all devices attempting to connect to a specific WLAN must use the same SSID. A device will not be permitted to join a network unless it can provide the unique SSID. Because an SSID can be sniffed in plain text from a packet it does not supply any security to the network. An SSID is also referred to as a network name because essentially it is a name that identifies a wireless network. To avoid outsiders easily accessing your network, avoid publicising your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.

Install a firewall: While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall - a host-based firewall will add a layer of protection to the data on your computer.

Maintain anti-virus software: You can reduce the damage attackers may be able to inflict on your network and wireless computer by installing anti-virus software and keeping your virus definitions up to date. Many of these programs also have additional features that may protect against or detect spyware and trojan horses.

Disallow router/AP administration via wireless: Unfortunately, this feature is usually only present in ‘Enterprise-grade’ APs, and shuts off the ability to administer your access point from wireless clients. But if your router/AP has it, use it!

Use VPN: Of course, if you really don’t want to take chances with your data, then you should run a VPN tunnel over your wireless connection, too. You may take a throughput hit, but isn’t your data’s security worth it? Short for virtual private network, VPN enables you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorised users can access the network and that the data cannot be intercepted.




BIOS, Apr 24, 06 | Posted In Networking
© 2007 Black Letter Publishing Ltd.