Fear. It's a powerful force that keeps millions of people out of airplanes, high-rises and public speaking opportunities every year. But a similar anxiety is also gripping today's businesses, summoning them to "be afraid, be very afraid."

Of what? Wireless security, of course.

Unfortunately, there has been a steady stream of surveys, articles and news reports that spotlight the potential for security breaches -- which not only reinforces this phobia, but further delays the adoption of wireless networks in today's businesses.

"Wireless security gets a lot of bad press," says Fran Murello, an Ingram Micro wireless expert. "But the truth is, most wireless users don't take the obvious steps to prevent security problems. All networks -- both wired and wireless -- are only as secure as customers make them, and wireless networks can be every bit as secure as wired networks by following a few simple steps."

When you approach your customers about wireless solutions -- and security, specifically -- be sure to address both components of their wireless infrastructure: their internal WLANs and their policies for external mobile users.

WLANs

When strengthening the security of your customers' WLANs, it's wise to systematically resolve issues at each potential point of failure. Here are the most common ones and ways you can help them become more secure.

Access Points

Keep intruders out by keeping the signal in. Try to place access points near the center of your customers' buildings and radiate signal coverage out toward the windows, but not beyond. If the signal is too strong, it will reach outside the building, making it easier for hackers to gain access.

To ensure your customer's wireless capabilities stay within company boundaries, test signal strength by installing an access point and using a client card to see how far you can transmit data. Or you can use an off-the-shelf tool (e.g., Cisco's Site Survey Kit) to determine the best location for each access point.

Remember to implement the following best practices to further strengthen access point security:

- Change default user names and passwords
- Disable SSID broadcasting
- Enable the highest level of encryption (WEP, WPA or another emerging standard)
- Enable MAC filtering
- Disable Dynamic Host Configuration Protocol (DHCP)

Antennas

Antennas not only increase the range of WLAN systems, they can also enhance the security of wireless networks. A properly positioned antenna can prevent the signal from leaking outside company boundaries. Choose amongst the following types.

- Omni-directional: These antennas have a 360-degree circular coverage pattern on a horizontal plane, making them ideal for square locations, such as the center of buildings.
- Directional: These devices provide concentrated coverage in a single direction, with a conical pattern (resembling a flashlight beam). The directed beam allows for a longer, narrower coverage pattern, ideal for elongated areas, corners and outdoor point-to-point applications.

Human Error

In many cases, misuse by employees creates the biggest security risks. However, most of these mistakes aren't made by disgruntled employees trying to circumvent security policies; they are honest errors made by individuals who don't know better.

Your customers can prevent these problems -- and close common security holes -- by properly educating and training employees, as well as following a few simple password guidelines:

- Create parameters that force employees to use complex passwords (e.g., hard-to-guess combinations of letters and numbers)
- Require users to change their passwords regularly

Mobile Wireless Networks

Once your customers' office buildings are secure, you still need to ensure wireless security for mobile workers who access the company network from other locations (e.g., hot spots, home networks). Again, consider the points of security failure and address them individually.

Internet Connections

Install a VPN tunnel to verify mobile users are who they claim to be. Your customers will rest easy knowing that only authorized mobile users can access company networks and mission-critical data.

Laptops

To combat the inherent risks of wireless laptops, all laptops that access the company network should be equipped with firewalls.

Your customers should also mandate the use of RSA cards, which employ a two-step authentication process to verify user identity, as well as network access rights.

Monitoring

By monitoring wireless performance and updating security policies at regular intervals, you can help your customers stay current and avoid any new security threats.

Encourage your customers to perform security assessments at least twice a year to ensure that:

- No new interferences have appeared
- Access points continue to have adequate coverage and bandwidth
- Access points are using the latest versions of software and have the most current patches

To help your customers succeed in this critical effort, consider selling network monitoring software tools, or regularly provide these services for a fee.

Get permission to periodically survey your customers' sites using a tool like NetStumbler to see if any rogue access points pop up. Or consider taking a notebook equipped with NetStumbler and an external antenna outside your customers' office building and survey what someone in the parking lot might "see."
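
The periodic site survey described above, and the earlier advice to keep the signal inside the building, can both be checked by comparing survey readings against an inventory of authorized access points. The following is an added example, not part of the original article or of any survey tool: the CSV column layout is hypothetical, the MAC addresses and SSIDs are constructed, and the two signal thresholds are assumptions to be tuned per site.

```python
import csv
import io

# Constructed inventory of authorized access points (BSSID -> SSID).
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
}
CORP_SSIDS = set(AUTHORIZED.values())
LEAK_DBM = -75      # assumed: authorized AP is usable from outside above this
ONSITE_DBM = -60    # assumed: unknown AP this strong indoors is likely on-site

# Constructed survey readings; the column layout is hypothetical.
SURVEY_CSV = """bssid,ssid,signal_dbm,location
00:11:22:33:44:01,CorpNet,-48,inside
00:11:22:33:44:02,CorpNet,-70,parking_lot
00:11:22:33:44:01,CorpNet,-88,parking_lot
66:55:44:33:22:11,CorpNet,-52,inside
AA:BB:CC:00:00:09,linksys,-55,inside
AA:BB:CC:00:00:10,CoffeeShop,-82,parking_lot
"""

def classify(row):
    """Return a finding label for one survey reading, or None if benign."""
    bssid = row["bssid"].strip().upper()
    ssid = row["ssid"].strip()
    dbm = int(row["signal_dbm"])
    outside = row["location"].strip() != "inside"
    if bssid in AUTHORIZED:
        if AUTHORIZED[bssid] != ssid:
            return "ssid-mismatch"       # known radio, unexpected network name
        if outside and dbm >= LEAK_DBM:
            return "signal-leak"         # coverage extends past the building
        return None
    if ssid in CORP_SSIDS:
        return "rogue-corp-ssid"         # company SSID on an unlisted radio
    if not outside and dbm >= ONSITE_DBM:
        return "unknown-onsite"          # strong unlisted AP inside the office
    return None                          # weak unlisted AP: likely a neighbor

def audit(csv_text):
    """Return sorted (bssid, finding) pairs, one entry per distinct pair."""
    findings = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = classify(row)
        if label:
            findings.add((row["bssid"].strip().upper(), label))
    return sorted(findings)

if __name__ == "__main__":
    for bssid, label in audit(SURVEY_CSV):
        print(f"{bssid}  {label}")
```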

For a comprehensive list of downloadable tools to assist you in identifying and fixing any wireless security holes, visit www.networkintrusion.co.uk/wireless.htm.