The Essential Guide to Wireless Security

Updated: August 20, 2012

As more businesses deploy wireless networks to connect employees, professional partners and the general public to company systems and the Internet, the need for enhanced wireless security grows increasingly important. Fortunately, as more companies become aware of the threats facing their wireless networks — and how to combat them — the gap between wired and wireless-network security is gradually narrowing.

The Threats

Wireless-network security isn't a single issue. Businesses need to recognize that they are fighting attacks on several fronts. Many wireless-network threats are unique to the technology, including:

• Roaming Attackers: Attackers don't have to be physically located on a business's premises in order to access data on its wireless network. Criminals use network scanners, such as NetStumbler , with a laptop or other portable device to sniff out wireless networks from a moving vehicle — an activity called "wardriving." Performing the same task while walking down a street or through a business site is called "warwalking."
• Rogue Access Points: A rouge access point is one that exists without the permission or knowledge of the wireless network's owner. Employees often install rogue access points to create hidden wireless networks that circumvent the installed security measures. Such stealth networks, while fundamentally innocuous, can create an unprotected gateway that serves as an open door to intruders.
• The Evil Twin: Sometimes referred to as WiPhishing , an evil twin is a rogue access point that hides under a nearby network's name. The Evil Twin waits for an unsuspecting user to sign into the wrong access point and then steals the individual's network data or attacks the computer.
• Network Resource Theft: Cheapskates like to get free Internet access from nearby wireless networks. Even if these individuals intend no direct harm, they still hijack network bandwidth to surf the Web and perform other online activities, draining network performance. More nefarious freeloaders will exploit the connection to send email from a company's domain or to download pirated content — exposing the host business to legal action.

Protection Methods

With wireless providing so many opportunities for attackers to enter and harm networks and business systems, it's no surprise that a wide array of security tools and techniques have arrived to help businesses secure their networks. Here are the top protection methods:

• Firewalls: A strong network firewall can effectively block intruders trying to enter a business's network via a wireless device.
• Security Standards: The first wireless-network security standard — WEP (Wired Equivalent Privacy) — was highly insecure and easily compromised. Newer specifications, such as WPA (Wifi Protected Access), WPA2 and IEEE 802.11i are much stronger security tools. Businesses with wireless networks should take full advantage of a least one of these technologies.
• Encryption and Authentication: WPA, WPA2 and IEEE 802.11i supply built-in advanced encryption and authentication technologies. WPA2 and 802.11i both support AES (Advanced Encryption Standard), the specification used by many U.S. government agencies.
• Vulnerability Scanning: Many attackers use network scanners that actively send messages to probe nearby access points for information, such as SSID (service set identifier) and MAC (machine access code) names and numbers. Businesses can use this same approach to uncover attacker-exploitable weaknesses in their wireless network, such as unsecured access points.
• Lower the Power: Some wireless routers and access points allow users to lower the transmitter's power, reducing the device's coverage range. This is a useful way of limiting access to on-site users. Careful antenna positioning and placement can also help keep signals from "bleeding" into off-site locations.
• Education: All employees should be trained in the proper use of wireless devices and instructed to report any unusual or suspicious activities they detect.