Wireless network security

Wireless networks are becoming more and more popular in homes and offices as they offer a very convenient way to network. The concerning issue is that in many sites we have visited wireless networks were poorly configured and insecure. Compounding the problem is some of the more spurious advice that is around on wireless networking security.

In this article we will give you details of how best to secure your wireless network and dispel some of the myths.

Why is wireless security so important? Wireless network security is of paramount importance! You wouldn’t leave your premises unlocked and yet leaving your wireless network open is doing exactly this!

An insecure wireless network allows anyone in the vicinity to attach to your wireless network. Once they are on your wireless network they have access to your file servers, databases, email servers, etc. Even if they are secured the hacker has a foot in the door and can work on stealing and abusing your network resources even if it is only your internet bandwidth.

Common wireless networking misconceptions

As wireless technology improves it presents a number of opportunities to businesses in terms of simplifying installations, enabling more mobile working, and enabling working in places that might not previoulsy be possible without installation. However many are hesitent due to misconceptions, or get it wrong when they do adopt it due to some common misconceptions …..

Wireless networking is insecure

This is only if it is poorly configured, however it is very easy to secure a wireless network to a point where it is more secure than your average wired network because the network traffic over wireless is encrypted where wired networks typically aren’t.

“Secure” Wireless routers are

Just because your wireless router or access point says it is secure on the box does not mean that it is configured so. Often they are not configured secure by default.

In most cases routers are shipped with no security configuration by default and so it is down to the user to do this.

Hiding your Service Set Identifier (SSID).**

Hiding your network ID would only stop the most casual browser from bumping into your network. For all the security this offers you may as well enable it to simplify user setup and administration because Windows® XP zero configuration needs the SSID.

Restricting access using the MAC address.**

While offering slightly more security than hiding your SSID this again is of little value as free utilities exist that will allow you to obtain a list of MAC addresses which you can then use to impersonate another computer. It’s also a real pain to administer if you have more than a handful of computers or you have guests who require access.

WEP encryption

WEP will keep casual and non-technical users out of your network, but WEP ultimately it offers little protection and can be easily cracked using freely available utilities to calculate the encryption key. Dynamic WEP is better than static WEP however there are newer improved encryption protocols available

Disabling DHCP

It would take a hacker very little time to determine an IP address for you network and so by disabling DHCP your are simply adding to your .upport requirements.

Antenna / Access point placement

Probably the most absurd method of securing your network! If you can just move or get a more powerful antenna you can gain access. Always design your wireless network for optimum coverage although it is sensible to try to avoid excessive radiation beyond your perimeter.

How should I secure my wireless network?

Change the admin password

First and foremost change the default administration password to something that can’t be guessed to prevent anyone gaining access and configuring your router.

Restrict admin access

It’s a good idea to only grant administration access to those connected to the LAN however remote access is often necessary for small businesses with remote I.T. support. Where remote access is required use SSL if it is available and a strong password.

Physical security

Depending on the environment you are in physically secure the wireless router or access point to restrict access and prevent resetting.

Use appropriate encryption and authentication

It is recommended you use WPA with Temporal Key Integrity Protocol (TKIP) to secure your network. There are various forms of WPA available however for most, the easiest method is to use a pre-shared-key. You can also use WPA with an authentication (RADIUS) server to authenticate users against however this is better suited to larger organizations.

In some cases we have found that wireless network cards need their software upgrading in order to support WPA however most newer wireless cards will support it but you should check before buying one.

Conclusion

Secure wireless network products don’t necessarily come secured out the box and also support insecure security techniques however once armed with a little know how you are only a few clicks away from securing your wireless network.