Is Your Business Wireless Network Secure?
(2 votes, average: 5 out of 5)
Loading ...
Think wireless network connections to your business are secure? Using 128 Bit WEP encryption for those connections? Think again.
Recently, several individuals have been asking me for suggestions to improve the security of their wireless connections. In one case an individual indicated that she had seen a vehicle pull up to her place of business each day and drive away after some time. It seemed suspicious and she approached the occupant the following day. According to her, it seems he may have been using a laptop to access wireless networks. Assuming she was well protected (because her wireless connection was encrypted), she thought it would take hours to decrypt and access her network. She asked me as much, as if expecting confirmation and seemed somewhat taken aback when I told her (based on her network), it would take maybe 10 minutes. There’s a video showing this activity, where the individual takes 8 minutes here: Ubuntu to Crack WEP.
While the video in that post may seem somewhat technical, the bottom line is that the individual providing the demonstration gains network access in eight minutes. What’s equally surprising to many business owners is that the tools used are easy to obtain, easy to learn and guides to network hacking are abundant.This begs the question, what can we as business owners do to protect ourselves from fraudulent activities, data theft and other nasties? What follows are just some of the issues that you can address with your security personnel can address.
Use better encryption methods. Don’t use WEP encryption as it’s easier to garner unauthorized access. Instead, ensure your wireless network uses WPA or better. Remember the video? It really is that easy!
Decrease your signal strength. Many access points provide a feature that facilitates the lowering of your signal strength. Why is this important? Lowering the signal strength limits the distance that your wireless network covers. In an ideal scenario, it is not wise to have your wifi network extend out to the curb where passers by might be able to access the network. Try keeping those access points closer to the middle of your business property, not beside walls or windows.
Disable SSID Broadcasting. SSID stand for “Service Set Identifier” it is used to define the “name” of the wireless local area network. All computers using the same SSID can communicate with each other. Unauthorized individuals don’t need to know the SSID, so disabling the broadcasting simply makes things more inconvenient for the would-be hacker. There are software packages that assist with scanning data packets and obtaining the SSID anyway, but disabling the broadcasting makes things less inviting.
Require users to login. For added security, require users to login once they have established a connection. This extra step helps to improve network security. Additionally, should users connect and not be prompted to enter a username and password, they should realize something is wrong. In this case they may have connected to the wrong network or connected to a Rogue Access Point, meaning another network connection point has been placed close enough to your business, so that personnel connect to the unauthorized “point” instead of your own business network.
Change hardware defaults. Ensure the default settings and administrative passwords on all access points and routers are changed. (Use strong passwords instead). These defaults are published on the Internet by many individuals. Leaving the default passwords configured on your hardware connectivity devices is akin to hanging a “Help Yourself” sign on your wireless network.
Limit who can access the network. Configure your access points to only allow connections from devices (wireless cards for example) using an authorized MAC address. What’s a MAC address? Media Access Control address (MAC address) is a quasi-unique identifier attached to most network adapters. It is a number that acts like a name for a particular network adapter, so, for example, the network cards (or built-in network adapters) in two different computers will have different names, or MAC addresses, as would an Ethernet adapter and a wireless adapter in the same computer, and as would multiple network cards in a router.
While my points above are by no means a definitive guide or a fully effective wireless security guide, they do provide you with some issues you should discuss with your security consultant. In my opinion, the best way to improve your wireless security is to maintain a proactive approach. Additionally, when discussing these issues with your security consultant or personnel it’s important to capitalize on deterrent methods. The harder your wifi network security is to circumvent, the more likely the perpetrator may move to an easier target.
If you have any questions or comments, please feel free to leave a reply below.
——————————————————————–
Guest Blogger - Roger Wheatley of UbuntuLinuxHelp.com
Roger is a seasoned independent certified computer network engineer and web development business consultant. For several years he also provided high quality technical training services to corporate and public Network Engineering Students seeking industry certifications. In 2002 Roger launched his own brand company, providing technological based solutions to small and medium sized businesses. The services provided range from Web Development and Web Site Hosting to PC/Network design and computer training services.
In launching his “brand” company, Roger drew on 25+ years of experience in business management and technical operations. His experience imparts an ability to implement practical and effective solutions for the needs of today’s businesses. In addition to coordinating business operations and participating in web projects. He has contributed essay’s and commentary on a wide range of web site related issues from content development, spam avoidance, online security, etc.
Leave a Reply