logo

Securing a wireless network

By rotide
Created 22/07/2008 - 12:50
Roy Harari_Comsec 2.JPG

The physical convenience of a wireless IT infrastructure is very appealing, especially to a small business without staff and money to lay cables round the office. However, a Wi-Fi network is more vulnerable because it exposes the company's internal network in way the physical constraints of a wired network do not. And if the organisation also adds its servers and databases then the danger is even more acute.

The more common threats are:

These threats are relevant to all businesses with access to the internet and external devices.

Warning signs are often few and far between with many attackers covering their tracks or going unnoticed. However, there are a few warning signs which all administrators should be aware of, such as network performance degradation, loss of availability on a regular basis or clients with an increasing number of pop ups and viruses. The number of attacks taking place unbeknown to an administrator illustrates the need to monitor network activity regularly and have periodic external security assessments performed on the network.

Planning a network
It is a good idea to plan the wireless deployment before you start. The following gives the key steps involved in securing a wireless environment:

Interference issues
There are additional considerations for the smaller office, including wireless interference from neighbouring networks.

Almost all organisations I have performed a network security assessment for have a neighbouring office with an unsecured, open wireless network. With many operating systems connecting to the first wireless network with the strongest signal automatically, there is nothing stopping a user from regularly connecting to a neighbouring, open network, perhaps without realising. This can expose their computer, and potentially the internal servers, to an attack or unauthorised access to the network.

Almost all organisations I have performed a network security assessment for have a neighbouring office with an unsecured, open wireless network

Another angle on this is that there are legal implications around outsiders using your wireless access to commit acts that you can be liable for.

Another common problem is interference from a wireless network nearby. A simple solution to this issue is to alter the default channel your wireless router operates on. Change the Service Set Identifier (SSID) of the wireless network to a unique one and if you use cordless phones in your office, pick phones which operate on the 5.8Ghz or 900Mhz frequencies. Alternatively position the wireless router in a central location as far from the outside walls as is possible. This will help mitigate the problems associated with interference such as performance degradation, availability issues and weak signals.

Step-by-step Wi-Fi security
Here is a walkthrough to the key security measures which should be included in the overall plan and which may not necessarily be detailed in user manuals:

Perform a risk assessment: what do you need to defend and why?

Read up
By default, wireless routers straight out of the box are inherently not secure. To address this problem, many router vendors make it easy for the non-technical user to secure the router by supplying a manual which clearly illustrates the steps to take.

However, IT managers in smaller businesses are often stretched thin and reading a manual can get forgotten. So to ensure effectiveness of the security measures and of the internal network itself it is always a good idea to hire a security specialist to do this for you. Many consulting companies are also specialised in other areas of information security and can advise on how best to implement scalable security which will maintain the security level as more devices are added and as the network grows.

The right tools
As with all security solutions, small businesses must end-up with a trade between risk, usability, cost, complexity and functionality. However, the functionality now exists to secure wireless networks while still keeping a simple infrastructure and the costs down.

Endpoint security and wireless security management tools are now more affordable and are increasingly successful at defending networks against the major threats to Wi-Fi systems, such as denial-of-service attacks and wireless network sniffers. Another interesting feature of these tools is their ability to scan for rogue wireless access points that attackers often install to infiltrate a network.

Securing a wireless network is not rocket science but with the increasing number of security threats and incidents it is important to take careful steps to plan well, enforce security before you go live and to regularly monitor and keep the security plan up-to-date.

Roy Harari is managing director at IT security consultancy Comsec. For more information visit www.comsecglobal.co.uk [1]

Source URL:
https://www.newbusiness.co.uk/articles/telecommunications/securing-a-wireless-network