Computerworld - Wireless technology is dramatically changing the world of computing, creating new business opportunities but also increasing security risks.
Wireless LANs, which use radio frequencies to broadcast in the unlicensed 2.4-GHz frequency band, can be as simple as two computers equipped with wireless network interface cards or as complex as hundreds of computers outfitted with cards communicating through access points. They're relatively inexpensive and easy to install.
But they also introduce a number of critical security risks and challenges, and it's important to implement strong security measures to mitigate these risks. What follows are potential risks and associated best practices to help you secure your network and understand WLAN characteristics:
Risk No. 1: Insufficient policies, training and awareness
Though establishing policies to govern wireless networks would appear to be a basic requirement, institutions often fail to take this step or to inform employees of the risks associated with not using a wireless network in accordance with the policies. Once policies are implemented, it's critical to communicate them to increase users' awareness and understanding.
How to mitigate:
Develop institutionwide policies with detailed procedures regarding wireless devices and usage. Maintain these policies and procedures to keep current with technology and trends. While each institution will have specific requirements, at a minimum require the registration of all WLANs as part of overall security strategy. And because a policy isn't effective if users aren't in compliance, monitor the network to ensure that users are following the policy as intended.
Conduct regular security awareness and training sessions for both systems administrators and users. It's important to keep systems administrators informed of technical advances and protocols, but it's equally important for users to understand the reasons for the protocols. An educated user will more likely be a compliant one, without as much protest. These education sessions should stress the importance of vigilance.
Risk No. 2: Access constraints
Wireless access points repeatedly send out signals to announce themselves so that users can find them to initiate connectivity. This signal transmission occurs when 802.11 beacon frames containing the access points' Service Set Identifier are sent unencrypted. (SSIDs are names or descriptions used to differentiate networks from one another.) This could make it easy for unauthorized users to learn the network name and attempt an attack or intrusion.
How to mitigate:
- Enable available security features. Embedded security features are disabled by default.
- Change the default settings. Default SSIDs are set by the manufacturer. For example, Cisco's default SSID is "tsunami," and Linksys' is "linksys." Not changing these makes it easier for an unauthorized user to gain access. Define a complex SSID naming convention. Don't change the SSID to reflect identifiable information, since this too could make it easy for an unauthorized user to gain access. Instead, use long, nonmeaningful strings of characters, including letters, numbers and symbols.
- Disable Dynamic Host Configuration Protocol and use static IP addresses instead. Using DHCP automatically provides an IP address to anyone, authorized or not, attempting to gain access to your wireless network, again making it just that much easier for unauthorized penetration.
- Move or encrypt the SSID and the Wired Equivalent Privacy (WEP) key that are typically stored in the Windows registry file. Moving these privileged files makes it more difficult for a hacker to acquire privileged information. This step could either prevent an unauthorized intrusion or delay the intrusion until detection occurs.
- Use a closed network. With a closed network, users type the SSID into the client application instead of selecting the SSID from a list. This feature makes it slightly more difficult for the user to gain access, but education on this risk-mitigation strategy can reduce potential resistance.
To gain maximum advantage of a closed network, change the SSID regularly so that terminated employees can't gain access to the network. Develop and implement an SSID management process to change the SSID regularly and to inform authorized employees of the new SSID.
- Track employees who have WLANs at home or at a remote site. Require that wireless networks are placed behind the main routed interface so the institution can shut them off if necessary. If WLANs are being used at home, require specific security configurations, including encryption and virtual private network (VPN) tunneling.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Protection for Every Enterprise: How BlackBerry Security Works Get an IT-level review of BlackBerry® Security, addressing data leakage protection, certified encryption, containerization and much more.
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Workforce Mobilization for Improved Productivity A mobility research director from Aberdeen discusses reasons for extending legacy applications to mobile devices, and an integration strategist from Attachmate shows how...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Mobile/Wireless White Papers | Webcasts