Tactical Advice

Putting a Lock on Wi-Fi

Wi-Fi networks are inexpensive, easy to set up and an open door to everyone from harmless freeloaders to malicious criminals.
This story appears in the June 2005 issue of BizTech Magazine.
Ed Bobrin, Director of Corporate and Home Systems Technology, DeLuca Homes
Credit: James Wasserman

At first you can't figure out what happened. Your network has been hit with a virus, which means every computer in your company is infected. You can't send critical files to your clients for fear of spreading the virus further, so productivity is down, and deadlines are missed. You spend most of your day eradicating the virus and locating the source of the problem. Finally, you find the culprit—your wireless network.

Wireless networking has been a blessing for many small businesses, allowing those with limited information technology (IT) resources to expand their networks cheaply and easily. Wireless fidelity (Wi-Fi), which provides short-range, high-speed data connections among mobile devices, allows workers to access the network from any location in the office, which increases productivity. As a company expands, it can add users without installing expensive equipment—a Wi-Fi-ready notebook will do the trick. When expanding office space, simply add a couple of wireless access points to boost the signal—no more snaking miles of cable through the office.

But Wi-Fi is inherently insecure, leaving networks open to anyone. At best, others can simply ride free on your Internet access. The more devious might pry into your e-mail or personal files. At worst, hackers can use Wi-Fi as a back door to your network, where they can spread viruses, worms or spam.

Companies can take steps to keep their Wi-Fi networks secure: Encrypt the wireless signal, add layers of protection to applications on the network and establish and enforce sound security policies.

Encryption: The Key to Security

Encryption is the first line of defense. There are two choices with wireless encryption: WEP (Wireless Equivalent Privacy) and WPA (Wi-Fi Protected Access). WEP uses a static encryption key, i.e., the key remains constant for all network devices until it is changed manually. So it's considered less secure than WPA's dynamic encryption method, in which the key automatically changes periodically. But WPA isn't foolproof, either. It is vulnerable to denial-of-service attacks, in which hackers bring a network to its knees by flooding it with useless traffic, according to security experts.

Depending on your business needs and applications, one type of encryption may be more appropriate than the other. For example, DeLuca Homes, a Yardley, Pa., home builder with 100 employees, uses Wi-Fi at its construction sites to allow its field workers to access a Web-based project and job-cost management application, says Ed Bobrin, DeLuca's director of corporate and home systems technology. Because anyone passing by the construction site could easily detect the wireless signal, DeLuca uses WPA encryption to make it nearly impossible to break into the system.

In DeLuca's office, however, the company favors greater flexibility than the periodically changing key that WPA allows. The company wants employees to be able to use notebooks in conference rooms and print documents on the fly. DeLuca also wants to accommodate clients and consultants who need Internet access when spending the day at its headquarters. Although WEP is less secure than WPA, it's much easier to give visitors a single key, then change it later if you're concerned that it poses a potential security risk, says Bobrin.

Anthony Mashkovich, Director of IT, Schwarzkopf Inc.

WEP's simple implementation—typing a password generates an encryption key—is also attractive to companies with limited IT resources such as Schwarzkopf Inc., a Culver City, Calif., manufacturer of hair-coloring and styling products. The com­­pany's traveling sales reps don't spend much time in any of Schwarzkopf's three offices. When they are in the office, Wi-Fi lets them check e-mail, access network resources and print documents from any desk.

"One 128-bit key is enough to keep [unauthorized users] out," says Anthony Mashkovich, Schwarzkopf's director of information technology. "With people going between different offices, if you have different sets of keys for different offices, it gets confusing very quickly."

Add a Few Choice Words

Because no wireless encryption technology is foolproof, adding layers of protection—such as passwords to each application on the network—will help discourage intruders. At its construction sites, DeLuca uses password protection for the project-management application in addition to applying WPA encryption.

CEO Takeaway
Think in terms of how your company will use the network. Some uses may require high security, such as protecting sensitive company or client information. Others may require less security and more flexibility, such as accommodating guest users.
Regardless of the type of encryption used, make sure you also protect sensitive applications with passwords.
Institute a companywide security policy, explain it to employees—and enforce it.

"If someone were to steal a laptop, they would still need a separate password authentication to get into our Web application," explains Bobrin.

Technological solutions alone, however, aren't enough to keep your assets secure. Companies should have a well-defined and strictly enforced security policy. Establish sound password policies. Educate employees about the importance of choosing strong passwords (at least eight characters with a combination of numbers, letters and symbols), and implement and enforce periodic password changes. Schwarzkopf requires users to change their passwords every two months and maintains a password history to prevent employees from re-using old ones.

On the whole, security risks "are mitigated by encryption and common sense," notes Bobrin. That's a formula that other businesses would be well advised to follow.

Sign up for our e-newsletter

Security

Three Ways to Integrate Fire... |
Follow these tips to align the devices with log management and incident tracking systems.
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...