By Graeme Klass (CEO Klassic Ventures)
It seems like you can’t get away from the ever-changing nature of wireless technology. You’ve probably thought about creating a wireless network at your home or office but are worried about security. This article will give you practical advice on how to properly secure your wireless networks. At the very least you will be able to have a half-decent conversation about this with the local IT guru.
Before venturing down the wireless path, you need to ask yourself why exactly do you need a wireless network where you work? Do you want to give your staff the ability to work in any office or boardroom? My previous office had a nice lounge area and it’s a good way to still be connected to email and the local server but be out of the clutter and noise of my workspace. If you are rapidly expanding or moving office, it’s a great way to get connected quickly and without the cost and hassle of installing network points around your office.
OK convinced? You’ve probably heard the stories of people hacking into other company’s wireless networks so here are a few ways of securing your wireless networks from potential attack.
There are many what I call “layers of defence” for your wireless network. Whilst no system is fool-proof, here are a few methods to keep in mind when you or your IT gurus are designing your wireless network:
“MAC addresses” (sometimes called physical addresses) are unique numbers built into all internet enabled device (eg. Computers, laptops, mobile phones, even fridges!). You can set up your network to only give access to your devices. Since you know your companies equipment MAC addresses, you can filter out any other alien devices from connecting to your network.
This is a special 128-bit “key” that allows computers and devices to connect to your wireless network. This keeps out everyone without that key from entering your network. Be warned though, that this protocol has been hacked in the past, by professionals. So think of WEP as the steering wheel lock on your car, it can be broken into, but is a bit of a hassle.
This is a 256-bit “key” that offers greater protection for your wireless networks. Not all wireless cards are compatible (and the ones that are compatible, are more expensive), but it’s something to think about if you want that extra layer of security. To my knowledge to date, AES has not been broken into since being introduced.
Your wireless network will have a basestation (where it connects to the rest of your computer network) and an access point (eg. your laptop). Most basestations have one or two antennae and without going into the physics of antenna theory (trust me I have and it’s no walk in the park), point the antenna in the direction where you want the signal to be strongest. In other words, you want to minimize the signal strength outside your office (where someone could get a decent signal to your wireless network). So point the antennae away from areas such car parks, cafe’s and from that suspicious computer company across the road called “Hackers ‘R’ Us”.
You can check your signal strength but taking your laptop (with your wireless card of course) and monitor the signal strength of the receiving signal from the basestation. The manufacturer of your wireless basestation will have it’s own signal strength monitor for your laptop.
Remember that this is a bit of a hit and miss affair and please do not subsitute this layer of defence with the ones above.
When I was working at the Department of Defence in Canberra, the head of IT security told us that the number one threat to their security was not from outside threats getting in, but unfortunately from within the organisation. Make sure you keep all sensitive passwords, WEP/AES keys and MAC address information in a safe place and on a “need to know” basis.
You already have some sort of virus protection and firewall installed on all of your computers whether you are wireless or not. Make sure that they are up-to-date and always install the latest security updates for your software (eg. Windows XP).
Backups but are a necessity, just in case someone breaks through your layers of defence and begins deleting (or worst still corrupting) your files. Yes, backups are a pain, but depending on the size of your business, you can set up simple automated routine using free software and an external hard drive.
At my home office in Essendon, I have a broadband connection with Optus. They supplied an ADSL (broadband) modem and self-install instructions. Once that was set up, I connected my Wireless Router - that's the basestation (a router is simply a device that tells what data to go to which computer). I use a Linksys WRT-4G (about $130 AUD). My laptop has a wireless LAN already built in, otherwise I would need a Wireless Laptop Card - basically it plugs into the PCMCIA slot (the small thin socket) in your laptop. You can also get USB Access Points for both desktop and laptop PC’s.
OK, back to the Wireless Router and security: I enabled WEP and MAC address filtering and positioned my antennae (I already have a firewall and antivirus and make daily backups)
I then connect the Wireless Router to the ADSL (broadband) modem. Windows XP generally make it quite easy to connect to the Wireless Router. Once you have entered the required WEP information, my laptop successfully connected to the Wireless Router and I now have Wireless Broadband Internet. My life is whole again.
So, in the words of a certain prime minister, “Be Alert, Not Alarmed” about the threats of wireless security and remember to seek expert advice before building your own wireless network.
If you would like more information on Wireless Networks, please contact graeme@klassicventures.com.