This week Joe Carlucci, technical manager at 3Com, offers the top 10 tips for ensuring your wireless network is safe from hackers.
Security is essential if you are to get the most out of wireless technology. Despite the hype it is perfectly possible to have secure wireless computing, but there are some common mistakes to avoid.
This top 10 list of tips will help you to make your wireless environment more secure.
1. Put the access point in the right place
Start with the basics: within your network configuration, ensure wireless access points are outside your perimeter firewall.
2. Use MAC to stop a hack
Using Media Access Control (MAC) address-based access control lists will allow only registered devices to access the network. Although it can be spoofed, MAC address filtering is like adding another lock to your front door - the more obstacles you present, the more likely hackers will be encouraged to move on to less secure organisations.
3. Manage your wireless network ID
All wireless local area networks (Lans) come with a default service set identifier (SSID) or network name. Change it immediately with an alphanumeric name. If your organisation can handle the administrative work, change your SSID regularly.
Meanwhile, disable the automatic SSID broadcast feature, to avoid doing the equivalent of walking around with the network name written on your forehead:
Wired Equivalent Privacy (Wep) is the standard 802.11b wireless security protocol. It is designed to provide wired-like protection by encrypting wireless data as it transmits information.
Simply put, enable it, and then immediately change the Wep key from the default. Ideally, have your Wep keys generated dynamically when a user logs on, to make access to wireless data a moving target for hackers.
Session-based and user-based Wep keys offer the best protection and add another layer of deterrence.
5. But Wep is not foolproof
Take care not to put all your encrypted eggs into the Wep basket. Many network administrators have learned the hard way that Wep is just one security layer of many and should not be relied on as the sole security measure, despite its role as the pre-eminent encryption security.
Look into Wi-Fi protected access and its future.
6. VPN is one of the best security mechanisms to have
If each security option is like another locked entrance hackers must penetrate, changing SSIDs, enabling MAC address filtering, employing dynamic Wep key generation and then a virtual private network (VPN) is like creating a bank vault door.
VPNs offer a higher layer of security (Layer 3) than Wep, and allow a secure end-to-end tunnel between user and network.
7. Make use of existing Radius servers
Remote users of larger companies are often authenticated to use the network through a remote authentication dial-in user service (Radius) server. IT managers can integrate wireless Lans into the existing Radius infrastructure to manage users more simply.
Radius not only enables wireless authentication, but ensures that wireless users go through the same authorisation and accounting approvals as remote users.
8. Simplify your security: integrate wireless and wired policies
Wireless security is not a separate network infrastructure requiring different procedures and protocols. Develop a security policy that combines both wired and wireless security to ensure management and cost advantages.
For example, integrate a single user ID and password requirement for all users, whether they are accessing the network through your wired or wireless infrastructure.
9. Not all wireless Lans are created equal
While 802.11b is a standard protocol and all equipment bearing the Wi-Fi trademark will operate with the same base functionality, not all wireless equipment is created equal. Many manufacturers' equipment does not include enhanced security features.
10. Do not allow just anyone to set up the network
Wireless Lan set-up is now so simple that non-technical staff are installing their own wireless routers or access points in their office departments with little thought for security.
Regularly scan the network with intrusion detection tools to root out rogue networks providing potentially susceptible hacker entry points. Create a policy that restricts wireless Lans from being established without formal systems administration approval and deployment.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally