FEBRUARY 2008
Volume 3, Issue 2
Securing a Wireless Network - pdf
Newsletter
for branding (word doc)
From the Desk of William F. Pelgrin, Chair
Is a Wireless Network Secure?
Wireless networks are not as secure as the traditional "wired"
networks, but you can minimize the risk on your wireless network
(at home or at work) by following the tips below.
How Does it Work?
The standard set up for a wireless network requires two components:
a Wireless Access Point (WAP) and a computer with a wireless
network adaptor. Properly configuring a wireless device can
be challenging and the steps will vary depending on the manufacturer.
If you do not feel comfortable doing it yourself, be sure that
whomever is configuring the wireless network follows these best
practices.
Wireless Access Point (WAP)
The WAP connects to your high speed Internet connection or your
internal network. This is the foundation for building a wireless
network. It provides the ability to use a computer without being
constrained by the distance of a wire. Keep in mind that metal
filing cabinets as well as certain building materials, such as
bricks and blocks, can interfere or limit the range (the distance
between your wireless computer and the wireless access point).
Generally, the indoor range for a WAP is approximately 125 feet.
Wireless Network Adaptor
A wireless network adaptor, used for transmitting and receiving
information, is required for each computer you intend to connect
to a WAP. When purchasing wireless networking hardware from separate
vendors, be sure to obtain guarantees that the hardware will
conform to defined standards and interoperate properly. The wireless
network adaptor is usually built into laptop computers while it is an
add-on component inserted into a USB port on desktop computers.
Enable Encryption
Every wireless network should enable encryption. Encryption scrambles
the data in a way that if your signal is intercepted there is
reduced risk of someone being able to eavesdrop or monitor your
communications. There are several standards of encryption common
to most WAPs. Wired Equivalency Privacy (WEP) is the older standard.
WEP has a number of known security flaws and should only be used
if no other method of encryption is available. Be sure to set
the WEP authentication method to "shared key" instead of
"open system." Under "open system" the initial sign-on is encrypted but
the data is not. Newer wireless access points include Wi-Fi
Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA2
is the stronger and the preferred method of encryption.
Change the Default Password
Change the default password that comes with your WAP. The default
passwords used by manufacturers are well known to the hacking
community. Be sure to use a strong password, at least eight characters
including numbers and special characters.
Change SSID Name
The Service Set Identifier (SSID) is the name of your wireless
network. Default SSIDs are well known, often the name of the
manufacturer and easy to guess. Change the SSID name to something
unique and be careful not to use a name that freely discloses
information. For example, avoid using your family name. Avoid
descriptive or functional names as well, such as "Payroll" or "Accounting" since
this would advertise an attractive target for an attacker.
Turn Off SSID Broadcasting
By turning off SSID Broadcasting, your wireless access point does
not advertise its presence. It is similar to having an unlisted
telephone number. This is a way to reduce the visibility of your
network to others in your neighborhood. The only way to connect
to a WAP with SSID Broadcasting turned off is to know the SSID
name and password.
Use MAC Filtering on Your WAP
The MAC (Media Access Control) address is the unique ID assigned
to your computer's network interface card. It is referred to
as the computer's
"physical address." Enabling MAC filtering on your WAP allows you to
designate and restrict which computers can connect to your WAP.
If the computer's address is not listed, a wireless connection
cannot be made to the WAP. To look up a MAC address on a Windows
computer, go to "Start"
then "Run" and type "cmd". A new window will open and you will need to
type ipconfig /all and press the enter key. A number of attributes
will be displayed. The MAC address is identified as the "Physical Address."
RF Interference Assuming your WAP point functions in the 2.4 GHz range, you may experience Radio Frequency (RF) interference from other 2.4 GHz devices, such as cordless phones, microwaves and baby monitoring devices. These devices can limit wireless performance. To manage the problem, limit sources of RF interference in proximity to the WAP.
-