NetConnX

Securing your wireless local area network access point

By Jon Anderson
NetConnX Technologies
----------
If you follow a few simple steps to secure your wireless network access point you can avoid some potentially very serious consequences.
Below is an article written by our Director/General Manager of Engineering, Jon Anderson.

----------

Wireless networks allow computer users to attach their systems to a Local Area Network without the traditional bother of tethering that system to a network wall-jack. With the proliferation of broadband and the increased dependency of business on network computing, these wireless networks have become extremely commonplace due to the added convenience they provide. If you simply purchase and configure a wireless network access point, anyone with very little effort can connect to the “inside” of your company network without your knowledge, they could easily access your documents, use your internet and launch illegal activities such as uploading or downloading child pornography, setting up your computers as a distribution network for copied software and many other liability issues right from your office parking lot. However, the added convenience of wireless networks can come at the cost of network security if one or more of the following procedures are not followed.

Many wireless products include a built-in security feature known as WEP or Wired-Equivalency-Protocol. WEP was designed to encrypt the data that travels directly between the client computer and the wireless Access Point, keeping that data private to the local network. WEP also has the ability to only allow clients with a valid WEP key (similar to a password) to utilize the Access Point.

Although WEP has proven to be imperfect as a security protocol (tests have proven that WEP can be “cracked”, although it takes a significant amount of time and effort to do so), it does provide a substantial level of security beyond a completely unsecured Access Point, and will also deter the casual “War Driver” looking for easily exploitable wireless LANs.

Secondly, many Access Points allow administrators to perform a “MAC Address Filter.” Every network card (including every wireless network card) has a unique address, known as a MAC address. The MAC addresses for all wireless systems can be added to a list in the Access Point’s software. The Access Point can then be set to only “pay attention” to the MAC addresses that are in the list.

Much like WEP, this MAC filter provides a much greater level of security when compared to an unsecured Access Point, but there are also some technical shortcuts that make the MAC filter imperfect.

The final (and most secure) option for securing a wireless LAN is to implement a VPN, or Virtual Private Network. Many companies already use some type of VPN to either securely link multiple office locations together, or to allow their users to connect to the office network remotely. In this scenario, the wireless network is attached to the “outside” or “untrusted” side of the VPN server. When a user attaches to the wireless network, they must then launch their VPN client to securely access the internal network.

Unfortunately, VPNs can be expensive and complicated to build. This makes installing a VPN for the sole purpose of securing your wireless network somewhat impractical.

Once one or more of these steps have been taken, the potential risks of operating a wireless network are greatly reduced, balancing the convenience of un-tethered network access and the necessity to protect vital business data.

Please explore our other menu options for more information on NetConnX and the services that we provide.
NetConnX 888-411-1699 24hrs