At Resolve Solutions, we find many small and medium sized businesses' coming to us for advice, and commonly wireless networks are a talking point. "Is it risky for my business to use wireless networking?"
"What legal obligations does my enterprise need to observe if I want to use a wireless network?"
Above are just two of a host of common "wireless network" queries, and you'd be surprised how many people are asking as an afterthought!
So, as a business or enterprise that needs the flexibility of workspace that wireless networking can offer what are the risks involved, and what is considered best industry practice?
Before things get too technical, it's worth mentioning two things:
* Just as there is "more than one way to skin a cat" so also there are a few ways of securing a wireless network, and the best way for you, depends entirely on your needs.
* If your business or enterprise deals with "sensitive data" then the 7th rule of the Data Protection act of 1998 needs consideration- Sensitive data must be "secured against accidental loss, destruction or damage and against unauthorized or unlawful processing"
Having established the above, we've put together a short guide, aimed to inform you of the three main ways Resolve Solutions enforces wireless security.
Encrypt your Wireless
Whenever you setup a wireless network there are a few main components, a wireless access point (which can also be integrated into a router) and the wireless network card for each PC connecting wirelessly.
The access point is the master of the wireless network; this device is used to control network communication and configuration. These access points usually have a web interface that can be "dialled into" from your PC for initial set up.
Through this interface you can set up a "wireless encryption key" which is a very basic, but nonetheless robust, security method. A short string of data is entered in the access point as the master key, with each computer wishing to connect, also needing the same digits, to authenticate access.
Needless to say, if someone sees your wireless network, they will still need this string of data to connect to your wireless network. The current level of WEP Key security (128 bit) provides a good level of protection, but it should be noted that it is still possible to "break" the key with high-end utilities. WPA provides a much better level of security, and should be used if available.
SSID Network Disguise
Every wireless network has a "name" this is set to whatever you wish, it might be your business name, or it could be the name of a network in one of your business' rooms. This SSID name can be set to be hidden, or "not broadcast" in technical terms, and in this way will prevent unauthorized access as people won't be able to see the network/know it even exists. When you hide your SSID, it's important that all the computers you are going to wish to connect to it are configured to connect to the name automatically, as searching for it won't work!
Another option in this security methodology is the complete opposite to hiding your SSID name, it to "fake" a large number of instances of wireless networks, effectively spamming the airwaves, so any intruder has to test a huge number of networks to find a legitimate one.
Although this seems like quite an effective security method, for business' transmitting data it is actually the least secure. Whilst the name of the wireless network access point is hidden, traffic remains flowing to and from the access point and freely available utilities will quickly be able to read this information flying around, and reveal an access points SSID.
MAC Address Filtration
The final security technique that should be discussed is MAC Address filtration. On each and every wireless (and wired for that matter) network card, a unique identifier exists, this being the MAC address. This MAC address is sent with each data package to and from the wireless access point, it allows the hardware to work with the software to ensure that data is delivered correctly.
The router/access point can be configured very easily to reject any contact from unknown MAC Address. A simple list of address (of all your wireless devices) can be added to the router memory upon installation, and further device address can be added when and if needed.
The disadvantage of this approach is that if a new computer or laptop needs access, the address has to be entered manually in the router or access point.
Summary
If all of the above is too much for you to take in, allow me to simplify it:
* Encrypt your wireless - Your network is like a door, and each person wanting to use the door needs a key to open it; however its possible for a thief to steal a key from a genuine user and gain access.
* SSID Network Disguise - Again your network is a door, but its camouflaged into the brickwork so no one can see it, except those who have been told where it is. However it is possible for someone to watch people entering and leaving the door and easily work out where it is.
* MAC Filtration - This time the door can be seen and no key is needed, but much like a VIP queue, if your names not on the list, you're not coming in!
In conclusion, no one of these methods is the best, but by using a mixture of these techniques, you will be able to do a much better job at securing any wireless network from potential attacks.
We hope that this guide has been helpful and informative.
