Organizations in our region have been steadily adopting wireless networking over the past few years, and many more businesses will take the leap to wireless over the course of 2006. By implementing a wireless network, your employees can do their job more efficiently and be more productive. For just about every business, there is an opportunity to use a wireless network to become more competitive in the marketplace.
Many businesses have installed wireless access points (WAPs) in order to realize various benefits, but my experience has shown that relatively few organizations understand the importance of properly securing their wireless network. If an attacker gains wireless access to your network, they are behind your firewall and there is very little protection available to you. It is not uncommon to find unsecured networks in our region, and I frequently see access points in use that are not up to today's security standards. When you add in the number of improperly configured WAPs, it becomes apparent that our region has a lot of room for improvement.
When evaluating your need for wireless security, you should ask yourself these four questions: How valuable is your data and how sensitive is it? What regulations are your company obligated to meet regarding data privacy? How much traffic passes by your office? Are there any potentially attractive targets near you? In many instances a company's wireless security policy is like failing to have a front door to your house. Anybody walking by can peek in to see your valuables, and easily walk in to take whatever they want.
I won't get into the technical aspects regarding how wireless networks can be attacked and the methods that can be employed to make them more secure, but I can offer an overview of the three wireless security standards and how they compare to each other to give you an idea of where you stand. Just compare the information present on the access point, its original box, or the manufacturer's web site to learn what your WAP is capable of.
The first security standard developed for WAPs is known as WEP (wired equivalent privacy). Older WAPs and less savvy network administrators will employ this method for protecting a wireless network. A pre-shared key is the best defense of WEP. Most people do not change the WEP key frequently which is like having the same password for all users on your network. WEP can be easily defeated by an inexperienced hacker using simple tools, making this a poor security choice. If your access point is more than two years old, it probably uses WEP and should be replaced immediately. Using the front door analogy, WEP is like locking your screen door, and giving every person who visits the house a key. People can easily peek inside, too many people have a key to open the lock, and an intruder could just cut a hole in the screen to unlock the door from the inside.
To address the problems inherent with WEP, the wireless industry developed a standard known as WPA (Wi-Fi Protected Access). WPA requires the use of passphrases (long passwords), and a unique encryption key for each user that frequently changes. Other technological improvements were made to improve security, as well. WPA was designed to be backwards compatible with WEP access cards, giving administrators an affordable upgrade path to improved security. WPA is like installing a solid front door to your house, and using the lock on the doorknob. Intruders can't peek inside and it is more difficult for them to gain entry to your house.
WPA has not yet been hacked, but it's only a matter of time. To address this reality the wireless industry has just released the WPA2 (Wi-Fi Protected Access 2) standard, sometimes referred to as 802.11i. WPA2 improves upon WPA by adding user authentication with a server and using stronger encryption. Windows XP just began supporting WPA2 in May. A properly configured WPA2 network satisfies US Government security standards, making them a necessity for regulated businesses in the medical and financial industries. WPA2 protection is like using the deadbolt of your door and an intercom to verify the visitor's identity before letting them inside.
If you are about to purchase a new access point, it should definitely support the WPA2 standard. If you must to use a WAP that utilizes WEP or WPA standards, there are still methods that will help you create a more secure network. Getting the most out of an inferior technology is sometimes better than failing to properly use a new one. For specific information on securing your network, give me a call and we can develop a security policy created to meet your individual needs.
Copyright 2006, Travis Fisher. All Worldwide Rights Reserved. {Attention Publishers: Live hyperlink in author resource box required for copyright compliance} Travis Fisher is executive Vice President of Inacom Information Systems in Salisbury, MD. Travis has helped Delmarva businesses deploy valuable, cost effective voice, data, and web solutions since 2000. Inacom is a Microsoft Gold Certified Partner, Cisco Systems SMB Select Partner, HP Business Partner, and Avaya Diamond Level Business Partner. For more information on Inacom, visit the Inacom Information Systems web site. |
No comments:
Post a Comment