Technology is safe as long as your follow simple safe browsing and of course industry best practices.
So how can you secure your wireless network?
- Control your broadcast area. Many wireless APs (access points) let you adjust the signal strength; some even let you adjust signal direction. Begin by placing your APs as far away from exterior walls and windows as possible, then play around with signal strength so you can just barely get connections near exterior walls. This isn’t enough, though. Sensitive snooping equipment can pick up wireless signals from an AP at distances of several hundred feet or more. So even with optimal AP placement, the signal may leak.
- Lock each AP. A lot of people don’t bother changing the defaults on their APs, and maintaining the default administrator password makes your system a good target. Use a strong password to protect each AP.
- Ban rogue access points. If an AP is connected to your home or office network, make sure you or the network administrator put it there.
- Use Wi-Fi Protected Access (WPA). Passively cracking the WEP (Wired Equivalent Privacy) security protocol is merely a nuisance to a skilled hacker using Linux freeware like AirSnort. The protocol does add a layer of difficulty.
- Use SSIDS wisely. Change the default Service Set Identifiers (SSIDs) for your APs, and don’t use anything obvious like your address or company name. For corporate setups, buy APs that let you disable broadcast SSID.
- Limit access rights. Chances are, not everyone in your building needs a wireless card. Once you determine who should take to the airwaves, set your APs to allow access by wireless cards with authorized MAC addresses only.
- Limit the number of user addresses. If you don’t have too many users, consider limiting the maximum number of DHCP addresses the network can assign, allowing just enough to cover the users you have. Then if everyone in the group tries to connect but some can’t, you know there are unauthorized log-ons.
- Authenticate users. Install a firewall that supports VPN connectivity, and require users to log on as if they were dialing in remotely. Tweak the settings to allow only the types of permissions that wireless users need.
- Use RADIUS. Installing a RADIUS server provides another authentication method. The servers tend to be expensive, but there are open-source options, such as Free RADIUS (www.freeradius.org), for UNIX-savvy administrators.
- Call in the big boys. If you have secrets to protect, you should have wireless-dedicated hardware security in place. Call in an expert that can protect your network.
Welcome to Worry-Free iT!