10 ways to improve the security of your wireless network
Wireless technology is now in almost every business and home, but a wireless network is inherently insecure, and it is essential that every business ensures that its wireless networks are secured against the latest threats. Below are 10 simple tips for improving the security of your wireless network.
Implementing a wireless networking system can result in serious security problems if the system is not properly secured. In fact, some Internet service providers have clauses in their agreements that indicate that service is not to be shared with people outside of those covered by the agreement. If you deploy an insecure wireless network, it could result in a loss of service, or in the use of your network as a launching pad for attacks against other networks.
The point of properly securing a wireless access point is to close off the network from outsiders who do not have authorisation to use your services. A properly secured access point is said to be “closed” to outsiders. A wireless network is more difficult to secure than a typical wired network due to its nature. A wired network has a limited number of fixed physical points of access, while a wireless network can be used at any point within the range of the antennas. To help you close these security holes, here is the first of our 10 wireless security tips.
We like to ask our customers this question, "Do you know where your wireless signal is?" Unless you know exactly how far your wireless network reaches, and in what directions it travels, chances are you're leaking a Wi-Fi signal that anyone with a laptop and a Wi-Fi card – including hackers – can use for free. A site survey will tell you exactly how far your signal reaches. We can help you measure signal strengths at various points in and around your business environment.
Businesses need to be aware that their network's AP signal could be traveling further than they want and creating a potential security breach. Encryption offers a good deal of protection, but the longer someone has access to your network, the greater the chance they can crack it.
Remember WEP encryption can be cracked. If your signal leaks out into the parking lot, you're giving someone the time and opportunity to hack you. If the signal's contained to your office, you significantly reduce the likelihood of an outside attack.
2) Plan antenna placement
(See our next series of tips for more information).
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers. Many wireless access point vendors ship their units with WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production since the data is directly readable with a wireless sniffer.
Encrypting your network makes it difficult for hackers to break in and use your wireless connection, access your data, or perform other malicious actions. Encryption is an effective hacker deterrent.
The thought of trying to hack a 128-bit or 256-bit cipher is enough to send a hacker packing — and looking for an easier target. There are two types of encryption: WEP and WPA with AES encryption. The 128-bit WEP encryption can be cracked, but it can take up to four hours of work to do it. To date, 256-bit AES has never been cracked.
Most wireless access points (APs) support both WEP and WPA standards, but not all client cards (the Wi-Fi card that plugs into your laptop) support AES encryption, which requires a dedicated chip.
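The site survey and the encryption check described above can be combined into one audit. The following Python script is an added example, not part of the original article; it assumes scan lines in the terse format printed by `nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list`, and the survey points, SSIDs, readings and leak threshold are all constructed for illustration.

```python
import re

# Constructed sample: one terse nmcli line per network, as printed by
#   nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list
# at three hypothetical survey points. SIGNAL is nmcli's 0-100 scale.
SURVEY = {
    "reception (inside)": [
        r"OfficeNet:AA\:BB\:CC\:00\:00\:01:92:WPA2",
        r"OfficeGuest:AA\:BB\:CC\:00\:00\:02:88:",
    ],
    "warehouse (inside)": [
        r"OfficeNet:AA\:BB\:CC\:00\:00\:01:64:WPA2",
        r"Scanner-AP:AA\:BB\:CC\:00\:00\:03:71:WEP",
    ],
    "parking lot (outside)": [
        r"OfficeNet:AA\:BB\:CC\:00\:00\:01:47:WPA2",
        r"Scanner-AP:AA\:BB\:CC\:00\:00\:03:22:WEP",
        r"CoffeeShop:DD\:EE\:FF\:00\:00\:09:35:WPA1 WPA2",
    ],
}
OUR_SSIDS = {"OfficeNet", "OfficeGuest", "Scanner-AP"}  # assumed inventory
LEAK_THRESHOLD = 30  # assumed cut-off for a usable signal outside the office

def parse_line(line):
    """Split on ':' that is not backslash-escaped, then unescape each field."""
    fields = [re.sub(r"\\(.)", r"\1", f) for f in re.split(r"(?<!\\):", line)]
    ssid, bssid, signal, security = fields
    return ssid, bssid, int(signal), security.strip()

def audit(survey):
    """Return sorted (ssid, issue) pairs for our own networks only."""
    findings = set()
    for point, lines in survey.items():
        outside = "(outside)" in point
        for ssid, _bssid, signal, security in map(parse_line, lines):
            if ssid not in OUR_SSIDS:
                continue  # a neighbour's network, not ours to fix
            if security in ("", "--"):
                findings.add((ssid, "no encryption"))
            elif "WEP" in security.split():
                findings.add((ssid, "WEP only"))
            if outside and signal >= LEAK_THRESHOLD:
                findings.add((ssid, f"usable signal at {point}: {signal}"))
    return sorted(findings)

if __name__ == "__main__":
    for ssid, issue in audit(SURVEY):
        print(f"{ssid:12} {issue}")
```
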
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense. With this step, hackers would be forced to decipher your IP address, subnet mask, and other required TCP/IP parameters. If a hacker is able to make use of your access point for whatever reason, he or she will still need to figure out your IP addressing as well.
8) Stick With the Same Vendor
Buying your APs and Wi-Fi cards from the same vendor increases your network performance and reduces compatibility issues, since not all vendors support the same features. Turbo Mode is an example of this.
Some manufacturers build a Turbo mode into their APs and Wi-Fi cards. It's supposed to double your network throughput, but it only works if all your cards come from the same vendor. It could even be available only on a specific card within a vendor's line.
D-Link has an AP and a Wi-Fi card that are specific to the Turbo mode feature. The company makes lots of cards and APs, but not all of them support that feature. This is true of most vendors.
9) Place Your Wireless Network on Its Own VLAN
A VLAN (Virtual Local Area Network) is a way of segmenting your network so that employees can access only the job-related resources they need without having access to the entire network.
Not everyone on your network needs to know everything. Introducing VLANs is a way to add a layer of internal data protection to your business. This is a somewhat more costly addition to a wireless network, but a good option if your business requires compliance with HIPAA or other types of state and federal regulations, or if you want to make sure that your personnel or other backend data isn't readily accessible.
10) Set Up a Secondary Authentication Mechanism
Authentication is a way that people can prove they are who they say they are in order to access a network or any secure area. The most common authentication method is the user name and password. But companies dealing with highly sensitive data might want to consider adding a second method on top of the type they currently employ.
A RADIUS server is one option, although this solution can be expensive depending on the size of the business. A number of low-cost solutions exist to help small businesses use authentication servers that utilize the protocol called 802.1X. They include software packages like LucidLink or Elektron that run on a local computer to turn it into a RADIUS authentication server, or hosted RADIUS services like WSC Guard or WiTopia.net.
The businesses that need this higher level of security are typically hospitals or medical practices that must comply with HIPAA regulations. Other fields include financial services that must comply with Sarbanes-Oxley, or industries with the money and the need to install a locked-down wireless network.
Source: Free Articles from ArticlesFactory.com
ABOUT THE AUTHOR
Nigel Bush has worked in the IT industry for over 30 years, mainly related to communications and networking. His experience includes designing software (now known as firmware) for the early ICT/ICL communications devices of the 1970s like the 7020 remote job entry station. Later in his career he was Project Manager for the design and implementation of the ICL/Fujitsu Open Systems Network (OSNET) which was one of the world's first Ethernet Access products of the mid 1980s.
He is now Technical Services Manager at Primary Networks Group where he oversees all the company's technical projects.