The physical convenience of a wireless IT infrastructure is very appealing, especially to a small business without the staff and money to lay cables round the office. However, a Wi-Fi network is more vulnerable because it exposes the company's internal network in a way that the physical constraints of a wired network do not. And if the organisation also adds its servers and databases then the danger is even more acute.
The more common threats are:
- Computer attacks from the outside (e.g. through open ports in the firewall to the servers)
- Unauthorised access to your computer/laptop or servers
- Network traffic eavesdropping/sniffing
- Disclosure of sensitive or confidential information
- Router hijacking
- Denial of service
- Encryption algorithm cracking of weaker algorithms (e.g. WEP)
- The creation of rogue wireless access points
These threats are relevant to all businesses with access to the internet and external devices.
Warning signs are often few and far between, with many attackers covering their tracks or going unnoticed. However, there are a few warning signs which all administrators should be aware of, such as network performance degradation, loss of availability on a regular basis or clients with an increasing number of pop-ups and viruses. The number of attacks taking place unbeknown to an administrator illustrates the need to monitor network activity regularly and have periodic external security assessments performed on the network.
Planning a network
It is a good idea to plan the wireless deployment before you start. The following gives the key steps involved in securing a wireless environment:
- Draft a wireless security policy
- Harden the wireless router: for example change defaults, change admin password and enable MAC filtering
- Implement authentication and encryption
- Enforce the wireless security policy
- Perform monitoring and auditing
- Promote security awareness
- Review and test the security of the wireless network
Interference issues
There are additional considerations for the smaller office, including wireless interference from neighbouring networks.
Almost all organisations I have performed a network security assessment for have a neighbouring office with an unsecured, open wireless network. With many operating systems connecting to the first wireless network with the strongest signal automatically, there is nothing stopping a user from regularly connecting to a neighbouring, open network, perhaps without realising. This can expose their computer, and potentially the internal servers, to an attack or unauthorised access to the network.
Another angle on this is that there are legal implications around outsiders using your wireless access to commit acts that you can be liable for.
Another common problem is interference from a wireless network nearby. A simple solution to this issue is to alter the default channel your wireless router operates on. Change the Service Set Identifier (SSID) of the wireless network to a unique one and, if you use cordless phones in your office, pick phones which operate on the 5.8GHz or 900MHz frequencies. Alternatively, position the wireless router in a central location as far from the outside walls as possible. This will help mitigate the problems associated with interference, such as performance degradation, availability issues and weak signals.
Step-by-step Wi-Fi security
Here is a walkthrough of the key security measures which should be included in the overall plan and which may not necessarily be detailed in user manuals:
- Perform a risk assessment: what do you need to defend and why?
- Establish and enforce a wireless network security policy
- Put the wireless router in a secured environment such as a locked cupboard
- Harden the wireless access point: change default username, change SSID, disable SSID broadcast, enable MAC filtering, and consider using static IP addresses rather than Dynamic Host Configuration Protocol (DHCP)
- Turn the Wireless Access Point (WAP) off when not in use
- Implement a virtual private network (VPN) if highly sensitive information is accessible from the wireless network
- Where possible, activate the additional security functions on the router such as anti-virus and threat management controls
- Regularly update the firmware and the router operating system
- Enable auditing on the wireless router
- Monitor activity on the router using manual methods or deploy a wireless security management device
- Implement the three-step security on all laptops and computers: Install anti-virus software, implement a firewall and perform regular updates of the operating system
Read up
By default, wireless routers straight out of the box are inherently not secure. To address this problem, many router vendors make it easy for the non-technical user to secure the router by supplying a manual which clearly illustrates the steps to take.
However, IT managers in smaller businesses are often stretched thin and reading a manual can get forgotten. So to ensure effectiveness of the security measures and of the internal network itself it is always a good idea to hire a security specialist to do this for you. Many consulting companies are also specialised in other areas of information security and can advise on how best to implement scalable security which will maintain the security level as more devices are added and as the network grows.
The right tools
As with all security solutions, small businesses must end up with a trade-off between risk, usability, cost, complexity and functionality. However, the functionality now exists to secure wireless networks while still keeping a simple infrastructure and the costs down.
Endpoint security and wireless security management tools are now more affordable and are increasingly successful at defending networks against the major threats to Wi-Fi systems, such as denial-of-service attacks and wireless network sniffers. Another interesting feature of these tools is their ability to scan for rogue wireless access points that attackers often install to infiltrate a network.
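The following Python example is added here and is not part of the original article or any vendor's tool: it audits a wireless site survey for the rogue access points, weak encryption, open neighbouring networks and channel overlap discussed above. The survey row format, the SSID, the BSSIDs and the sample rows are constructed assumptions, and channel numbers are assumed to be 2.4 GHz channels.

```python
from collections import namedtuple

# Assumed inventory: the office SSID and the BSSIDs of routers the business owns.
OFFICE_SSID = "ExampleOffice"
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01"}
WEAK_SECURITY = {"OPEN", "WEP"}

# Constructed survey rows (ssid,bssid,channel,security); not real networks.
SAMPLE = """
ExampleOffice,02:00:00:AA:00:01,6,WEP
ExampleOffice,02:00:00:BB:00:02,6,WPA2
NeighbourCafe,02:00:00:CC:00:03,11,OPEN
NeighbourLaw,02:00:00:DD:00:04,8,WPA2
"""

AP = namedtuple("AP", "ssid bssid channel security")

def parse_survey(text):
    """Parse 'ssid,bssid,channel,security' rows; SSIDs may contain commas."""
    aps = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ssid, bssid, channel, security = line.strip().rsplit(",", 3)
        aps.append(AP(ssid.strip(), bssid.strip().lower(),
                      int(channel), security.strip().upper()))
    return aps

def audit(aps):
    """Return sorted (finding, bssid) pairs for the threats the article lists."""
    own = [ap for ap in aps if ap.bssid in AUTHORISED_BSSIDS]
    findings = []
    for ap in aps:
        if ap.bssid in AUTHORISED_BSSIDS:
            if ap.security in WEAK_SECURITY:   # e.g. WEP on our own router
                findings.append(("weak-encryption", ap.bssid))
            continue
        if ap.ssid == OFFICE_SSID:             # our name, unknown hardware
            findings.append(("rogue-ap-suspect", ap.bssid))
        elif ap.security == "OPEN":            # clients may auto-join it
            findings.append(("open-neighbour", ap.bssid))
        # 2.4 GHz channels fewer than 5 apart overlap and interfere.
        if any(abs(ap.channel - o.channel) < 5 for o in own):
            findings.append(("channel-overlap", ap.bssid))
    return sorted(findings)

if __name__ == "__main__":
    for finding, bssid in audit(parse_survey(SAMPLE)):
        print(f"{finding:18} {bssid}")
```

Run against a fresh survey on a schedule, the same checks give the regular monitoring the article calls for; any BSSID reported as a rogue suspect should be traced physically before it is trusted or blocked.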
Securing a wireless network is not rocket science, but with the increasing number of security threats and incidents it is important to plan well, enforce security before you go live, and regularly monitor the network and keep the security plan up to date.
Roy Harari is managing director at IT security consultancy Comsec. For more information visit www.comsecglobal.co.uk