Wi - Fi Security

Wireless networking is growing in popularity because it is cheaper and more convenient than other systems for internet access. But replacing old-fashioned wires with new wireless connections may undermine the security that once protected a network. Securing a wireless network is as important as locking the passenger door of your car when you leave it in the parking. The security problems of wireless networks are so widespread that finding unprotected networks and publicizing their vulnerability has now become a sport among computer geeks and hackers known as “wardriving.” Deployment of security systems in different Wi-fi settings, be it home, businesses or hotspots, is the first step towards ensuring security.

Read more to have your networks completely secure in Wi-Fi environment.

Wi-Fi Security

Wireless networking is growing in popularity because it is cheaper and more convenient than other systems for internet access. But replacing old-fashioned wires with new wireless connections may undermine the security that once protected a network. Securing a wireless network is as important as locking the passenger door of your car when you leave it in the parking. The security problems of wireless networks are so widespread that finding unprotected networks and publicizing their vulnerability has now become a sport among computer geeks and hackers known as “wardriving.” War driving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a portable computer.

The serial blasts that occurred in several parts of India last year highlight the importance of securing Wi-Fi networks when it became clear that terrorists had hacked into a Wi-Fi network to send terror emails just before the blasts.

With Wi-Fi being increasingly deployed in homes, organizations and in public locations, security needs to be geared up to ensure safe Internet access. Deployment of security systems in different Wi-fi settings, be it home, businesses or hotspots, is the first step towards ensuring security.

Risk Scenarios in Wi-Fi Networks

Wi-Fi, a short form for Wireless Fidelity, is a communications technology that provides internet access via radio waves rather than cables. Since its inception in 1997, Wi-Fi has grown in popularity and is rapidly becoming the standard for wireless networking. A few common uses include Internet, Voice Over IP, gaming and network connectivity. Some Wi-Fi devices include the personal computer, video-game consoles and several brands of PDAs.

While Wi-Fi makes information much more accessible and does away with the complexities of wiring and cabling, it brings along with it a plethora of security issues that need attention.

In unsecured WLAN environments, any hacker can gain access to the internal network leading to data loss and theft through eavesdropping, interception and modification of data in transit, spoofed e-mail messages for social engineering and malware insertion attacks, service disruption and bandwidth loss etc.

Home Wi-Fi Networks

Well-publicized incidents of disk-crashing worms and viruses have scared home users, forcing them to protect their computers with firewall and antivirus software. Most of them are increasingly taking steps to bolster Internet security, thanks to the ever-present fears of identity theft and credit card fraud through online transactions. The growing prevalence of uninvited spyware has spawned a fast-growing class of applications designed to protect computers from these performance-sapping nuisance.

Few home users are still leaving their Wi-Fi networks unsecured because they are unaware of the risks or the security options available to them. Here are a few pointers for these users to keep their Wi-Fi off limits from intruders.

Precautions

Use of encryption - All access point equipments come with some form of encryption technology that limits access to the Wi-Fi. Care should be taken to use latest encryption technologies like Wi-Fi Protected Access (WPA).

Home users should use the Pre Shared Keys (PSK) to do the least to protect access to their Wi-Fi access point.

Change the Default Network Name or SSID Access points and routers use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally “linksys.” Knowing the SSID will not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, it is seen as a poorly configured network and is much more likely to be attacked. Users should change the default SSID immediately when configuring wireless security on their network.
 
Stop broadcasting your router's network ID - In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. For home users, this roaming feature is not needed as it increases the chances of someone trying to log in to the network.
 
Enable Firewall features of the Access Point - Modern network routers contain built-in firewall capability, but the option also exists to disable them. This should be enabled and updated as it forms the first line of defense.
 
Turning off Access points when not in use - Though it is not practical to switch off the devices often but it is always advisable to do so during travel or extended periods and curtail exposure.
 
Safe positioning of Access point - Although of limited help, one should always try to position Access point devices near the center of the home rather than near windows to minimize Wi-Fi signals leakage and thus curtail the risk of the network being hacked into.
 
Security in Corporate Wi-Fi
 
Organizations not only risk losing their information assets but also expose themselves to legal risks for not complying with adequate security on account of their employees accessing unsecured Wi-Fi networks. Organizations of all sizes require secure and high-speed connectivity between branch offices, remote sites and the central office. They need to ensure that wireless access points are configured securely and that hackers can not access them.

Business executives who use wireless hotspots at airports and in hotels need to be wary of sophisticated phishing scams. They should use hotspots only for Web surfing and not for checking bank accounts or accessing databases, which require passwords or confidential login information. Users should enter passwords or data only into websites that contain a Secure Sockets Layer (SSL) key at the bottom-right of the Web browser. Turning off or removing wireless cards from the system are other good ways to prevent a malicious third party from accessing the computer.

To ensure that you protect critical business assets and manage security challenges, here are some guidelines to enhance your organization's wireless network security.

Regular Change of Administrator Passwords & Usernames: For all access points in WLAN, there is an administrative account for access to the configuration utilities with a username and password. Mostly the access points/routers/devices come preset with the manufacturing company having set the username and password. The username the password entered are generally commonly used words like "admin," “system”, "public," or "password," or something which is very simple to hack. Therefore there is a need to change username and password immediately after installing the unit. In fact it should be changed at regular intervals so that past employees or guests do not misuse access. All it takes is any mobile device, including an innocuous looking Internet-enabled cell phone, to access Wi-Fi.

Enable MAC Address Filtering: Each piece of hardware connected to a network has a physical address or MAC. Access points and routers keep track of the MAC addresses for all devices that connect to them. You can restrict or allow access to your network based on MAC addresses so that unauthorized outsiders cannot access from their devices.

User Identification as a Critical Security Measure: Many corporations fail to identify internal users within their security framework. They function on the basis of IP addresses of user PCs. In the absence of user identification, if the corporate Wi-Fi is accessed by an intruder, the security devices in place would allow the intruder to access the Internet through the corporate network if it’s from a known, authorized IP address. The Wi-Fi devices function in a dynamic environment where IP addresses are allotted dynamically to the user PCs as the machine accesses Wi-Fi. Hence, users cannot be identified through the IP address.

Cyberoam is the only identity-based security solution where users are identified by their username and access policies can be set by username. Hence, when an intruder accesses the Wi-Fi, he or she still cannot access the corporate network since Cyberoam would not recognize the user. Cyberoam treats user identity as the basis of corporate security.

HotSpot Wi-Fi Security

Many wireless hotspots are open networks and focus on convenience, not security. Most hotspot users are ignorant about concerns in using public wireless networks, and do not take necessary steps to ensure that their privacy and identity are safe.

It is important to protect oneself while using Wi-Fi hotspots. Here’s how.

Do Not Auto-Connect to Open Wi-Fi Networks – Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. If Wi-Fi access is enabled on your laptop, it would connect automatically to the local Wi-Fi network without notifying you (the user). This setting should not be enabled except in temporary situations.

Use Caution at Public Hotspots – When using an unsecured wireless network, such as a hotspot in a hotel, cafe, airport or any other public location, avoid working with sensitive information related to financial transactions, identification detail and more.


Solution to Wi-Fi Threats

Various networks, whether public or private, need to deploy a solution that can prevent data leakage and access to inappropriate websites and offer complete visibility into the network to know ‘Who is Doing What’. This allows monitoring and controlling the user and safeguarding key people who have access to confidential information assets.

A solution that can identify users with their usernames and enables setting up access policies by username rather than IP address of a machine is the need of the hour. With user identity as the basis of network security, if an intruder accesses the Wi-Fi, he or she still cannot access the corporate network, as identity-based security solutions like Cyberoam would not recognize the user.

 

 

Comments

Article rating:
Your rating:

Reviews

    Knol translations

    Categories

    Activity for this knol

    This week:

    6pageviews

    Totals:

    109pageviews
    ©2009 Google