Stop Wifi Intruders and Freeloaders

Updated: August 20, 2012

Issue

 

A huge number of businesses have wifi networks on their premises in order to provide Internet connectivity to customers and/or employees. Yet, in their haste to create hotspots, many companies fail to build adequate security into their wifi networks.

A poorly protected wireless network leaves users' transmissions vulnerable to interception, leading to potential financial losses as attackers use stolen credit card numbers, bank-account passwords, confidential business information and other sensitive data to enrich themselves and their cohorts. For the business hosting the network, inadequate safeguards can expose critical wired and wireless network resources to snoops and crooks.

Protecting a wifi network isn't difficult, but it takes time, careful planning, attention to details and a few simple security tools. Below are strategies that can help you secure your wifi network.

 

Strategies

 

1. Secure your access points. Begin by creating a new administrator password. This is a simple step that many businesses overlook. If an access point's administration area can be accessed by entering a stock word like "admin" or "password," the system is literally begging to be attacked.

2. Activate encryption. Using WPA (Wifi Protected Access) encryption in the form of WPA or WPA2 is highly recommended. WPA or WPA2 with EAP-TLS (Extensible Authentication Protocol Transport Layer Security), with both user and computer certificates, is the strongest method of authentication. EAP-TLS uses digital certificates to provide mutual authentication, in which the wireless client authenticates to the authentication server and vice versa. EAP-TLS authentication requires a PKI (public key infrastructure) to issue certificates and keep them current. The PKI should be configured to issue both user and computer certificates for wireless access.

Some older clients don't support WPA or WPA2. If you decide that your network must serve such technologies, turn on 128-bit WEP (Wired Equivalent Privacy) encryption and use a password to generate the key. Be sure to keep a record of the password so it can be supplied to the people who need network access. Remember, however, that WEP is a weak security approach that can be defeated relatively easily by a skilled attacker. One way of improving on static WEP is to configure access points to use MAC (Media Access Control) filtering to allow only a predefined group of clients to access the network. Unfortunately, a truly committed attacker can also defeat this technique.

3. Create a fresh SSID. What could be worse then using a default SSID (service set identifier)? Why, giving it your company's name, of course (although potential hackers will thank you for identifying their target). Try using a name that's cryptic, like "jup2fjk," or one will make attackers think twice — something like "infected node" (although such a name may also scare away legitimate users from using a public hotspot).

4. Sniff out rogue access points. Most business networks lie within range of access points connected to other networks. Most of these access points will be linked to legitimate systems, but some may be the handiwork of potential mischief-makers, such as attackers and even company employees operating their own unauthorized networks. Unmanaged access points can create a vulnerable point of attack against a business's network. Plugging a laptop into the network and running a detection tool, provided by a vendor such as AirMagnet and Aruba Networks, will enable the network administrator or other authorized individual to quickly pinpoint the existence of any rogue devices. Steps can then be taken to either take down the access point or to secure the network against its presence.

Related Categories
Featured Research
  • Baselining Best Practices

    IT must ensure new applications are rolled out quickly, reliably, and without risk, while at the same time guaranteeing performance and availability. Read this VirtualWisdom white paper to find out how to achieve application-aligned infrastructure performance, and more. more

  • Next Generation End User Experience Management: APM

    In an era of new technologies and cloud-based application delivery models, your business success depends on your ability to ensure optimal application performance and quality user experiences at all times. This complimentary white paper from AppNeta will enlighten you to the new frontiers in end user experience management and much more. more

  • Optimizing Application Delivery to the Network Edge

    Increasingly, the success of business is being tied to the network. The transformation of the network and IT can help organizations deliver and support highly available applications and services while reacting more quickly to changes in the business environment. In this complimentary white paper from IDC, learn how HP can help its customers and partners improve the overall application experience. more

  • Networking Routers Buyer's Guide for SMB & Enterprise

    This buyer's guide presents an overview of leading products on the market today and aims to improve research for companies needing to purchase or upgrade their equipment. more