Wireless LANs offer so many potential benefits, from greater mobility for users to the end of cabling confusion. But they bring a host of security issues that need careful attention. In this primer, we'll take a look at some of the technologies and techniques used for securing a small office/home office WLAN network to keep data and resources safe from prying eyes.
In a traditional wired LAN, a router and a firewall, coupled with the physical nature of the wire itself, can be used to protect against intruders. But with a WLAN, the signals emitted by the access point and a client can travel beyond the walls of a building and be picked up by anyone with the right equipment.
This immediately results in two potential security risks. First, a malicious user could "sniff" traffic on the wireless network looking for information such as credit card numbers, user names, passwords or other sensitive data. Second, an open connection could give an outsider Internet access - for things as harmless as Web surfing or as nefarious as sending spam or attempting to break into your local servers. All three popular wireless protocols - 802.11b, g and a - are vulnerable, and most WLAN access points ship with default settings that leave them wide open.
Fortunately, there are a number of ways to limit access to SOHO wireless networks - and the data they carry. Network World columnist and Lab Alliance member James Gaskin offers five relatively painless steps to keep out the casual hackers and accidental tourists:
First, be careful of the physical placement of a wireless access point: The closer to an outside wall or window, the further outside the building a wireless signal will travel. And don't put the access point in the ceiling if you have upstairs neighbors. Gaskin recommends conducting a basic site survey by walking around with a laptop displaying the signal strength to help with the placement of the access point.
Second, turning on Wired Equivalent Privacy, or WEP, in either 40-bit or 128-bit mode, will help keep out the casual eavesdropper, though it is vulnerable to a more determined cracker using such freely available tools as WEPCrack and AirSnort. On the flip side, the same tools available to hackers can be used internally to test your own security.
Wi-Fi Protected Access (WPA) is a new security standard designed to replace WEP by offering better encryption and the ability to authenticate users when used with a RADIUS server. However, when used without RADIUS, as is most likely the case in a SOHO environment, WPA can be vulnerable to a dictionary attack, in which a hacker basically feeds an encrypted data flow into a dictionary application to look for matches, according to a white paper from ICSA Labs. One way to circumvent a dictionary attack is to use a random number generator to select the passphrase.
Though the Wi-Fi Alliance touts WPA as being available to any "Wi-Fi Certified" product via a software upgrade, experts say it may not be backward compatible with some older devices and operating systems. Also, some mobile devices may lack the processing resources to handle WPA.
Gaskin's third recommendation is to change the Service Set Identifier, or SSID, used by the access point. Most access points, especially at the consumer level, come with a default name that is easily guessed. For instance, Linksys ships all its wireless routers with the default SSID of "linksys". Picking a unique SSID (and changing it periodically) adds another layer of protection and makes it easier to identify your network by name if there are multiple wireless networks operating in the same area.
Additionally, some access points allow you to turn off the SSID broadcast feature, which basically advertises the access point's existence. If this is turned off, users must enter the SSID name by hand rather than picking from a list of available networks in the area. However, turning off the SSID broadcast can result in more processing on the client side, which could drain power resources on battery-powered devices.
Fourth, Gaskin recommends turning off the Dynamic Host Configuration Protocol, or DHCP, and assigning all wireless users a static address. Using static addresses means more upfront management, but can help prevent an attacker sitting in the parking lot or a neighbor from gaining an IP address on your network.
Finally, many consumer wireless access points offer access control lists that can limit devices connecting to the router by MAC or IP address. Any device not on the list that tries to connect to the access point will be rejected. As with using static IP addresses, creating an access control list can also be a management headache, especially for locations with more than a couple dozen wireless devices.
While these five steps may not stop the most determined hacker from cracking your network, they should turn away the casual hacker and accidental connections from the next-door neighbor.
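As an added illustration of the passphrase advice in the WPA section above (example code written for this page, not part of the original primer or any vendor's firmware), the script below draws a WPA-PSK passphrase from a cryptographic random source, estimates how many bits of guessing work it represents, and flags passphrases that a dictionary attack would find immediately. The COMMON_WORDS list is a constructed stand-in for a real wordlist.

```python
import math
import secrets
import string

# Constructed mini-wordlist standing in for the far larger lists a
# dictionary attack feeds into its cracking tool (assumption for this example).
COMMON_WORDS = {"password", "linksys", "wireless", "letmein", "admin", "12345678"}

# WPA-PSK passphrases are 8 to 63 printable ASCII characters; we draw from
# letters, digits and punctuation (94 symbols in total).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_passphrase(length: int = 20) -> str:
    """Return a uniformly random WPA-PSK passphrase of the requested length.

    secrets.choice uses the OS CSPRNG, unlike random.choice, so the result
    is not predictable from a seed or from earlier output.
    """
    if not 8 <= length <= 63:
        raise ValueError("WPA-PSK passphrases must be 8-63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(passphrase: str, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy in bits of a passphrase chosen uniformly from alphabet_size symbols.

    This is an upper bound: it assumes every character was chosen at random,
    which is true for generate_passphrase() but not for a human-picked word.
    """
    return len(passphrase) * math.log2(alphabet_size)


def is_dictionary_passphrase(passphrase: str, wordlist=COMMON_WORDS) -> bool:
    """True if the passphrase is a wordlist entry, ignoring case and trailing digits.

    Appending a year or a few digits to a word is a common habit that
    dictionary tools cover with simple mangling rules, so it is treated as weak.
    """
    lowered = passphrase.lower()
    return lowered in wordlist or lowered.rstrip(string.digits) in wordlist


if __name__ == "__main__":
    candidate = generate_passphrase()
    print(f"passphrase: {candidate}")
    print(f"entropy: {entropy_bits(candidate):.1f} bits")
    for weak in ("linksys", "LetMeIn2004"):
        print(f"{weak!r} dictionary word: {is_dictionary_passphrase(weak)}")
```

A 20-character random passphrase gives roughly 131 bits of entropy, far outside any wordlist, whereas "linksys" or "LetMeIn2004" is found in the first pass of a dictionary run.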