Tactical Advice

Perimeter Defense

Try these tips to help prevent eavesdropping and information leaks from affecting your wireless networks and devices.
This story appears in the March 2007 issue of BizTech Magazine.

It’s all too easy for malicious attackers to discover vulnerable wireless networks by “wardriving” — cruising around with a wireless notebook or handheld computer and looking for easy-to-tap wireless networks.

Wardriving details are freely available on the Internet because wardrivers often collect information on discovered open networks, combine it with location maps and then post it for public consumption. Plus, attacking a wireless network is much easier for hackers because it doesn’t require physical connectivity to the network.

If you haven’t checked your network’s perimeter, here are five items to add to your security checklist:

1 Use a virtual private network to foil eavesdropping: To stop attackers from tapping into your business’ communications and performing man-in-the-middle attacks, encrypt all traffic. Existing wireless encryption standards such as Wired Equivalency Privacy, for instance, are not sufficient because they have flaws. It’s much more reliable to use a VPN for encrypting communications. Don’t allow client systems to perform any action on the network without establishing a VPN connection first.

2 Isolate wireless access points from the internal network: It is quite common for corporate networks to have wireless access points connected to the internal wired network. It is better to create a separate network for the access points and then to isolate the network from the internal wired network using firewalls.

3 Weed out rogue access points: Access points are easy to install, and most devices with wireless access can be converted into access points. Users can install rogue access points without the network administrator’s knowledge. These nodes are obvious security risks because they may or may not be affected by measures taken by the administrator to secure the known access points.

4 Filter unauthorized Media Access Control addresses: Access points usually let an administrator limit access to devices based on MAC addresses. The administrator can specify a list of allowable devices based on their MAC addresses. The access point will then rebuff all other devices that attempt to access the network. Although not a foolproof technique, it can still keep out unsophisticated attackers.

5 Reduce the radio coverage of the wireless network: The wireless network should provide coverage only to the desired area and minimize leakage of the signal to the outside world. Configure each access point to reduce the range of its radio signal.

CEO Takeaway
Wireless devices and networks have unique security requirements quite different from their wired counterparts. Because wireless access points often connect to internal wired networks in corporate topologies, an attacker can leverage a successful attack on an access point to infiltrate the internal network and systems. To foil drive-by hackers, make sure routine audits include:
• Upgrading drivers and firmware regularly.
• Changing the default configuration of wireless devices to a more secure one, including renaming passwords and service set identifiers. (Each SSID is a unique alphanumeric name that identifies a specific wireless network.)
• Cloaking your network’s existence — muzzle its beacon signal and don’t broadcast the SSID.
• Disabling automatic Internet Protocol address assignments and using static IP addresses.
S.G. Masood is a Web security researcher for F-Secure (www.f-secure.com), a network security services provider with headquarters in Helsinki, Finland.

 

Sign up for our e-newsletter

Security

Three Ways to Integrate Fire... |
Follow these tips to align the devices with log management and incident tracking systems.
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...