Securing Your WIFI
- Securing your WIFI infrastructure
- Ensuring that you use public WIFI safely
Wireless connections are a great resource offering flexibility of connectivity for users, however they are also a dangerous possible security breach in your network. There are a few simple steps that you can take to ensure that this risk is minimized. Some of these are specific to businesses, others are more general, some pertain to the setup of your wireless connection, others to the way in which users use wireless networks.
- Turn off SSID broadcast. The first step is to ensure that someone does not come across your connection by accident. When you have done this, for someone to connect you have to give them the SSID.
- Use encryption. Traffic between the PC and the wireless connection should be encrypted so that any passwords, credit card details or personal information cannot be gained simply by listening in. The current standard is WEP, and 128 bit encryption is recommended. It is said that even 128 bit encryption can be broken relatively easily these days, so if WPA2 is available then it should be used.
- Position the wireless access points so that they cover the desired area, and not too much else. In office blocks this is difficult as they transmit up as well as out. Generally though, if the access point is in the centre of the building it is more likely to stay within the building.
- Ensure that you do not get people adding their own wireless lan points. Potentially, someone could (either maliciously or for their own convenience) add an access point, plug it in under their desk and connect it to their network point. While they can use it for their wireless enabled laptop, if they are not aware of the potential problems, it might mean that anyone can use it. Have a standard setup regarding broadcast, encryption etc that means that this sort of thing is controlled.
- Scan the network for devices – this will help you detect both access rogue points and unwelcome users. You might be surprised how many devices are connecting to your network – PCs, phones, WLAN Detectors, printers, cameras….
- Change the default settings – including SSID and password. This is a no-brainer as all potential hackers will know the default setting for each type of hub / router / wap.
Using Public WIFI, and the potential threats.
- Have a firewall turned on. If you have folder shares or anything that does not require a password then when you connect to a public network you are laying yourself open to having people browse your machine. No hacking skills required.
- Try to ensure that you are actually connecting to the correct LAN. There is a form of hacking where someone simply sits in a coffee shop with a laptop with a powerful wireless LAN card. When your machine sees their card it connects to their laptop rather than to the public LAN. You then enter your password or credit card details and… More sophisticated scams will actually pass the details through to the real LAN so that you are unaware of the potential problem.
- Only connect to corporate networks through VPNs.
These brief tips are almost entirely cost free, and offer a degree of protection. In time they will have to be augmented with other info – as the sophistication of the hackers increases. As with all security, weigh up the cost of losing the data (either destruction, or release to your competitors) with the amount of effort the hacker will have to spend to get it and consider whether it is well enough protected. You might also have to weigh up the legal responsibility for abuse if your connection is used by hackers / opportunists to do something illegal!