Many administrators and managers will likely read this article title and say to themselves: “We don’t have wireless networking here. I don’t need to read this.”
But those same administrators often discover that wireless networking happens, even when “they don’t have any.” That’s because wireless networks exist – even when a particular company hasn’t installed them. For example, your company may not have wireless networking, but maybe the company on the floor above you does.
Windows, by default, will attempt to connect to any wireless network it finds. Could your laptop users inadvertently be connecting to another company’s network, exposing your company’s information?
And if you happen to be in the kind of business where your company’s information includes any kind of confidential client or patient data that’s protected under federal law, you’ll not only have lost data, you may face civil penalties and lawsuits.
Consider this: laptop sales far exceed desktop sales, and ninety percent of laptops sold today have built-in wireless networking. Often, end users who want to make things easier for themselves will hook up their own wireless access points. Why? The cost of wireless access points has dropped so low that many users will simply purchase and install their own onto the corporate network … without telling anybody. Ask them why and you’ll hear “so that I can do my job better.”
List of Five Ways to Secure Your Wireless Network:
- Starting With a Practical Wireless Security Policy
- Securing Your Wireless LAN
- Securing Your Wired LAN
- Securing Your Wireless Clients
- Training Your Users
#1: Start With a Practical Wireless Security Policy
The first step is a good wireless security policy – it’s much more than just paperwork. It’s a critical component that spells out what’s allowed and what’s not allowed, and who is responsible for making sure the policy is followed. That’s why it’s vital for companies to have a wireless security policy in place even if the policy simply states “wireless networking will not be used.”
The reason is logical enough: employees need to know what is and isn’t permitted. Your policy should spell out the specific conditions under which wireless networking can be used, as well as spell out the encryption, authentication and protection mechanisms that must be employed. In addition, your policy should clearly prohibit the connection of unauthorized access points to your corporate network.
Remember that the best security policy isn’t worth the paper it’s printed on if it only sits on the shelf. Make sure the details of the policy are a part of your end-user training.
#2: Secure Your Wireless LAN
If you are using wireless, hopefully you are aware that WEP encryption and MAC address filtering are no longer considered adequate security. They are both easily circumvented. You should be using WPA or WPA2 (also called 802.11i) which provides strong encryption and authentication on your wireless LAN. If you are using VPNs, ensure that split tunneling is disabled.
If you allow wireless guest access, make sure you restrict their access to your corporate resources. The best way to do this is with wireless controllers and lightweight access points that segregate and tunnel guest traffic without having to build large guest VLANs throughout your enterprise. Some of these products also provide rogue detection and limited intrusion detection as well.
If possible, use SSH or access lists on the access point management interface to prevent unauthorized modifications to your configurations. And make sure your access points are physically secured out of sight and out of reach.
#3: Secure Your Wired LAN
Whether or not you deploy wireless networking, it’s an unconditional requirement to make detection and prevention of rogue access points a key part of your company’s security plan. The presence of a rogue (i.e., an unauthorized) access point indicates that your network security is being compromised – either unintentionally by a well-meaning employee, or by someone who is actively eavesdropping on your network. Periodic checks for rogue access points need to be part of your regular maintenance or auditing. (Tip: be sure to check at different times of the day.)
A simple check can be performed with a laptop and any number of commercial and freeware applications. In essence, you record the MAC address of every access point you can detect, then look to see if that MAC address exists on any of your switches. If it does, and you didn’t put it there, then you have a rogue access point on your network. It is usually not necessary to physically locate the access point (although that would be a good idea). Instead, simply disable the switch port that the access point is plugged into.
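The check described above, as an added example (not code from the original article): the BSSIDs recorded in a wireless survey are looked up in a switch's MAC address table to find the port to disable. The survey list, the authorized-AP list and the Cisco-style table output are constructed sample data; the adjacent-address match is an added heuristic, based on the assumption that an access point's radio BSSID is often one off from its Ethernet MAC, so treat an "adjacent" hit as a lead to confirm.

```python
import re

# Constructed sample data (not from the article): BSSIDs seen in a wireless
# survey, and "show mac address-table" style output from one switch.
SURVEY = [
    ("CorpWLAN",   "00:1a:2b:3c:4d:50"),  # authorized AP
    ("linksys",    "00:11:22:aa:bb:02"),  # unknown AP; its wired MAC ends in :01
    ("UpstairsCo", "00:99:88:77:66:55"),  # neighbour's AP, not on our wire
]
AUTHORIZED = {"00:1a:2b:3c:4d:50"}
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    001a.2b3c.4d50    DYNAMIC     Gi0/1
  10    0011.22aa.bb01    DYNAMIC     Gi0/14
  20    0050.56ab.cdef    DYNAMIC     Gi0/7
"""

def mac_to_int(mac):
    """Normalise aa:bb:.., aa-bb-.. or aabb.ccdd.eeff notation to an integer."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

def parse_mac_table(text):
    """Return {mac_as_int: port} from Cisco-style MAC address table output."""
    row = re.compile(
        r"^\s*\d+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)",
        re.I | re.M)
    return {mac_to_int(mac): port for mac, port in row.findall(text)}

def find_rogues(survey, authorized, table, window=1):
    """Return (ssid, bssid, port, match) for unauthorized BSSIDs on the wire."""
    # window > 0 also accepts wired MACs within +/- window of the BSSID
    # (assumed heuristic; window=0 gives the article's exact-match check).
    allowed = {mac_to_int(m) for m in authorized}
    hits = []
    for ssid, bssid in survey:
        b = mac_to_int(bssid)
        if b in allowed:
            continue
        for delta in sorted(range(-window, window + 1), key=abs):
            port = table.get(b + delta)
            if port:
                match = "exact" if delta == 0 else "adjacent"
                hits.append((ssid, bssid, port, match))
                break
    return hits

if __name__ == "__main__":
    print(find_rogues(SURVEY, AUTHORIZED, parse_mac_table(MAC_TABLE)))
```

Run it against the table from every access switch, since a rogue access point's MAC only appears as a directly learned address on the switch it is plugged into or on uplinks toward it.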
#4: Secure Your Wireless Clients
A wireless laptop is vulnerable to a whole host of attacks from anyone within range. So it’s an absolute necessity to be sure your laptops are all properly configured with personal firewalls and antivirus software. When connecting from a remote location, use VPNs to connect to your corporate network, and configure them so that all traffic from the laptop uses the VPN tunnel.
In other words, do not allow split tunneling where corporate data uses the VPN tunnel, but Internet traffic goes directly via the wireless provider. If you do, you open up your corporate network to attacks via your remote users.
Consider limiting the ability of your users to associate with the access point of their choosing (especially ad-hoc networks) by applying an appropriate Windows policy. Think what would happen if their home network uses the default SSID “Linksys” and so does that company on the floor above you.
#5: Train Your Users
The best defense against wireless attacks is a well-trained user.
Training is an essential element of your corporate network security. Every company needs to train users on the importance of encryption and strong passwords. Make your users aware of “social engineering” techniques and all the e-mail scams used to trick them out of passwords or other information. Remind them that using a public hotspot has all the safety and appeal of a public restroom. Educate them to notice suspicious people with laptops or antennas near your workplace. And make sure they understand the dangers of connecting their own access points to your corporate network.
As a network administrator or IT manager, you need to be aware of wireless vulnerabilities. Remember that just because you haven’t deployed wireless networking in your enterprise, it doesn’t mean that wireless doesn’t exist. Take steps to secure your enterprise and you will be rewarded with increased security, reliability and user satisfaction.