With wireless hotspots sprouting overnight like mushrooms on a cool damp morning, it’s easy to see that wireless is hot. And, the popularity of wireless networks isn’t limited to SOHO (small office/home office) users. Larger organizations are starting to set up their corporate facilities with wireless access points in order to provide their users with flexibility in accessing network resources from previously inaccessible and unwired locations. The freedom of flexibility comes at a cost though. WLANs (wireless LANs) have potential security problems everyone should know about.
One problem quickly surfaces when organizations assume their wireless networks are automatically secure from the get-go (or “right out of the box”). Wireless network manufacturers often set their product default security settings at a low threshold by design. Products manufactured in this way are more compatible with a diverse assortment of existing software and hardware systems during installation. Understandable from the manufacturer’s standpoint; however, that threshold is usually inadequate to protect the internal network from compromise. After a company’s administrators successfully install the network, however, they must up the security settings to meet the company’s requirements. Although passwords and some other authentication measures appear sufficient to protect wired networks from breaches, they certainly don’t suffice when it comes to wireless networks that are exposed through their wireless access points. Unlike traditional wired networks, intruders don’t need to have physical access to your premises to achieve access to your wireless data communications. Much like with radio waves; anyone listening in can receive the unprotected wireless broadcast whether their intentions are aboveboard (though some say we’d be hard-pressed to validate any such eavesdropping). There are methods for increasing the security of your wireless network; however, and we’ll examine them here. Turn Off SSID Broadcast An alphanumeric string called an SSID (Service Set Identifier) identifies your wireless network. The SSID broadcast arrives as an integrated, enabled part of most new wireless hardware devices, and it makes finding WLAN access points easy during your initial setup process. The SSID (or network name) for your wireless network is required so devices can connect to the network. Access points (which are the hubs or base stations of your networked computers) are a source of potential insecurity for your wireless network. Wireless access points lack innate authentication methods, leaving internal networks vulnerable. Circumvent this obstacle by having your administrators incorporate your existing authentication infrastructures into a wireless access point. To make your network more secure, your company’s administrators can opt to suppress the broadcast of the SSID by access points. By doing this, you allow users to connect to your network only if they know the correct SSID while preventing unauthorized users from scanning for available networks. Most hardware manufacturers (Linksys, 3Com, and the like) permit disabling your SSID broadcast, in essence, concealing your network. Your company doesn’t want random wireless devices connecting to your network; you can impede those connections by refraining from announcing (broadcasting) your presence and by withholding key pieces of information other users need to make a connection. If your network is not broadcasting, and if the knowledge that you’re running wireless is not widespread, then hackers will not readily target your system. If you want to disable your SSID broadcast (and/or your beacon signal) you have to display the configuration and administration screens of your specific wireless access point or router; refer to the users manual for specific instructions to learn how. Enable Security Long used in traditional message sending, encryption rises to the challenge when it comes to wireless security, as well. To make your data illegible to prying eyes, manufacturers include encryption schemes in their wireless equipment products. Be sure that your wireless devices use the highest encryption levels available; not low-level 40-bit encryption, but high-level 128-bit encryption. You can enable WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption in your wireless system.
