Carter Tech Blog
Securing your wireless LAN
- Font size: Larger Smaller
- Hits: 12457
- 0 Comments
- Subscribe to this entry
- Bookmark
Given the amount of attention in the media on people using other's wireless LANs to access the Internet - leaving the victim with a huge download bill or the Police knocking at their door when someone else uses their Internet to do something illegal it amazes me how complacent some businesses are when it comes to the security of their wireless LAN.
On numerous occasions I have started with a new client and discovered that their last support person/company left their wireless LAN unsecured. The most common reason I am told for this is because "it wouldn't work properly with the key turned on". Instead of fixing whatever caused the network to not work with a security key enabled, they have simply left a gaping big hole in the organisation's network that anyone could exploit.
All the firewalls and security systems in the world won't protect you if your network is open to anyone within wireless range. It's like locking the doors of your car and leaving the window down. Do you really think the thieves are going to jimmy the locks when you have left an alternate way in? Networks are the same.
Not only is having a security key on your wireless LAN important but so is the method of security you use. Having a security key with no encryption is pointless - every piece of information sent over the network can be snooped by someone within range (including the key). Using WEP is a little better, however a WEP-secured network can be hacked in as little as three minutes by someone who knows what they are doing.
To better protect your network, set the security on your wireless access point to WPA2 (or at the absolute minimum WPA). If you have devices which can not use this method of encryption you should check to see if they can be updated or replaced - only if the device is essential to your business and can't be replaced to another that is WPA compatible should you consider downgrading your network encryption to WEP.
After keys and encryption the next layer of security which you can use to enhance your wireless security is to use MAC filtering. Every wireless device has a unique identifier known a Media Access Control (MAC) address. Most access points will allow you to only allow connections from specified MAC addresses (and therefore only devices matching one of those addresses), however this security isn't as valuable as it may appear as MAC addresses can be easily faked but it does provide another layer of security.
No wireless security method is guaranteed to keep the bad guys out, however using WPA2 and MAC filtering will make hacking into your wireless network a little harder. We always suggest that businesses with a wireless network should consider using a system based on 802.1x authenticaation which issues each user with a unique username and password and changes encryption keys on the fly. This provides the best possible security on the network. Keep your eyes out for a new post about why you should use 802.1x soon!
On numerous occasions I have started with a new client and discovered that their last support person/company left their wireless LAN unsecured. The most common reason I am told for this is because "it wouldn't work properly with the key turned on". Instead of fixing whatever caused the network to not work with a security key enabled, they have simply left a gaping big hole in the organisation's network that anyone could exploit.
All the firewalls and security systems in the world won't protect you if your network is open to anyone within wireless range. It's like locking the doors of your car and leaving the window down. Do you really think the thieves are going to jimmy the locks when you have left an alternate way in? Networks are the same.
Not only is having a security key on your wireless LAN important but so is the method of security you use. Having a security key with no encryption is pointless - every piece of information sent over the network can be snooped by someone within range (including the key). Using WEP is a little better, however a WEP-secured network can be hacked in as little as three minutes by someone who knows what they are doing.
To better protect your network, set the security on your wireless access point to WPA2 (or at the absolute minimum WPA). If you have devices which can not use this method of encryption you should check to see if they can be updated or replaced - only if the device is essential to your business and can't be replaced to another that is WPA compatible should you consider downgrading your network encryption to WEP.
After keys and encryption the next layer of security which you can use to enhance your wireless security is to use MAC filtering. Every wireless device has a unique identifier known a Media Access Control (MAC) address. Most access points will allow you to only allow connections from specified MAC addresses (and therefore only devices matching one of those addresses), however this security isn't as valuable as it may appear as MAC addresses can be easily faked but it does provide another layer of security.
No wireless security method is guaranteed to keep the bad guys out, however using WPA2 and MAC filtering will make hacking into your wireless network a little harder. We always suggest that businesses with a wireless network should consider using a system based on 802.1x authenticaation which issues each user with a unique username and password and changes encryption keys on the fly. This provides the best possible security on the network. Keep your eyes out for a new post about why you should use 802.1x soon!
Trackback URL for this blog entry.