Top 10 Vulnerabilities in Today's Wi-Fi Networks

Sandeep Singhal   Today’s Top Stories   or  Other Security Stories  

The Secure Web Gateway. Mission Critical For Business Get a Grip on Storage Growth and Reduce Costs What's Next? Real Answers for Tough Times Infoblox IP Address Management Solutions Brief Next-Gen Load Balancing: 3 Keys to Successful Delivery of Advanced Web Apps Advanced Load Balancing: 8 Things You Need to Handle Today's Network Traffic Computerworld Report- Large Enterprises Pay More for IPAM Mobility @ the Speed of Business Computerworld Report- Large Enterprises Pay More for IPAM Sign up to receive Networking and Internet Resource Alerts

July 15, 2002 (Computerworld) -- How can you plug the holes in your wireless network? Here are 10 tips:
1. Hackers are looking for easy targets.
Avoid advertising the presence of your wireless LAN: The easier it is to find, the more likely it will be a target. Be sure to change the Service Set Identifier (SSID) so that it's not the factory default, and turn off SSID broadcasting. If possible, adjust access point (AP) antennas and power levels to avoid signal leakage to areas where coverage is neither required nor desirable.
2. It is easy to "convert" a device so that it looks like another device.
Lost or stolen devices are also a severe threat. Media Access Control addresses are, therefore, a poor method of network authentication. Instead, rely on device-independent authentication, such as user names and passwords, with integration with existing network directories or authentication schemes. Wireless LANs are a natural extension to RSA SecurID token deployments.
3. Wireless data requires data encryption.
Built-in wireless LAN encryption (such as Wired Equivalent Privacy) is weak. Instead, use virtual private network technologies such as IPsec with triple DES to protect data. Avoid proprietary schemes in order to assure maximum interoperability.
4. Limit or control where wireless LAN traffic can go.
If the wireless LAN is to be used for a selected purpose, such as to access an enterprise resource planning system, then place specific packet filters on the wireless LAN to allow only that access.
5. Don't place APs on desks or other places that can be easily accessed.
Unscrupulous visitors or careless employees can easily move, replace or reset the APs. Security can't be assured in such insecure locations. Instead, move management and security to the wiring closet.
6. Actively monitor AP configurations.
It's not sufficient to configure an AP correctly; once configured, the AP must stay properly configured. Consider that it is easy for someone to perform a hardware reset on an AP that sits on a desk or ceiling. By actively monitoring the AP configuration, you can ensure that the AP is automatically reconfigured should such an event occur.
7. Be aware that APs are easily installed by employees and intruders and may easily bypass the enterprise's wireless security policies.
Active sniffing for these rogue devices is a critical operational requirement. New tools to ease this task are readily available.
8. Over a wireless LAN, an intruder can attack the wireless clients themselves in a peer-to-peer fashion.
This attack can give the intruder network access by simply using a legitimate client as an accepted entry point. To address this issue, desktop firewalls should be deployed, along with network management tools that actively audit and manage the client before permitting access via the wireless LAN.
9. Prevent denial-of-service attacks by ensuring adequate bandwidth management on the wireless LAN.
The wireless LAN bandwidth is relatively limited and shared by multiple users. Particularly in environments in which different users need to perform different mission-critical tasks, this bandwidth must be policed to provide fair access.
10. Deploy real-time policy management.
As they are deployed, wireless LANs will span entire campuses and incorporate multiple global sites. Security policies (e.g., valid user lists or access rights) will naturally change. These changes must be reflected in real time throughout the wireless LAN to reduce the window of opportunity for intrusion and, more important, provide immediate lockdown of detected security holes.

Singhal is chief technology officer at ReefEdge Inc. in Fort Lee, N.J.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Some Asian airlines are reporting rising losses to inflight credit card fraud because there is typically no online credit-card authorization..." Read more... Read more Security posts or See all Blogs

Obama's choice for DHS could flame tech visa battle BlackBerry Storm sales should be strong, Verizon says 10 great Bluetooth gadgets More top stories...

Microsoft to launch IE8 in '09; RC due out in Q1 Review: BlackBerry's Storm is awkward and disappointing Google shutters its Lively virtual world

2008 Salary Survey: IT pay takes tiny leaps If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck. Windows 7 in-depth review and video: This time Microsoft gets it right Microsoft's next OS might more accurately be called Windows 6.5: It's essentially a better version of Vista. Twitter for business: 5 ways to tap the power of the tweet Twitter can be a valuable business tool -- if you know what you're doing. Here's how to juice it for all it's worth. Microsoft's 'Vista Capable' changes outraged HP, insider e-mails show By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Advance your BlackBerry(R) solution management know-how this July Advance your BlackBerry(R) solution management know-how this July BlackBerry Technical Seminar, register today! Go to the webcast  Cut Data Center Energy Costs Get this white paper now! (Source: Liebert) Cooling accounts for 35% of data center energy consumption. Discover strategies that can reduce cooling energy costs by as much as 40%, including simple steps you can take to get more from your existing cooling system and emerging technologies that can increase cooling capacity and data center density. Download this white paper  Computerworld Executive Briefing: Automating Network Management Download this Executive Briefing now (a $195.00 value), compliments of ProCurve Networking by HP. (Source: Computerworld) This briefing looks at the basics of network management, which tend to get lost in the dizzying array of products and processes. It also examines new tools that are on the way to help IT executives deal with management in the new era of automation.Download this Executive Briefing now (a $195.00 value), compliments of ProCurve Networking by HP. Download this executive briefing  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. 2008 Internet Malware Trends Report Security Trends Overview: Targeted Phishing Attack Enterprise Findability Without the Complexity View more whitepapers

• Obama's choice for DHS could flame tech visa battle
• Microsoft to launch IE8 in '09; RC due out in Q1
• BlackBerry Storm sales should be strong, Verizon says
• More top stories 

Accelerate your pursuit of perfection For almost 80 years, Kodak has been helping banks, insurance companies, healthcare providers, government agencies and other businesses produce billions of document images. So Kodak is uniquely positioned to know and deliver–what customers want: easy-to-use scanners that output the best possible image quality. Download this white paper now!

Steven J. Vaughan-Nichols: 64-Bit Linux Adobe Flash Player: Surprisingly good When Adobe decided it was time to provide a 64-bit Flash Player, they released it on Linux and Solaris. Wow. [more]