It’s all too easy for malicious attackers to discover vulnerable wireless networks by “wardriving” — cruising around with a wireless notebook or handheld computer and looking for easy-to-tap wireless networks.
Wardriving details are freely available on the Internet because wardrivers often collect information on discovered open networks, combine it with location maps and then post it for public consumption. Plus, attacking a wireless network is much easier for hackers because it doesn’t require physical connectivity to the network.
If you haven’t checked your network’s perimeter, here are five items to add to your security checklist:
1 Use a virtual private network to foil eavesdropping: To stop attackers from tapping into your business’ communications and performing man-in-the-middle attacks, encrypt all traffic. Existing wireless encryption standards such as Wired Equivalency Privacy, for instance, are not sufficient because they have flaws. It’s much more reliable to use a VPN for encrypting communications. Don’t allow client systems to perform any action on the network without establishing a VPN connection first.
2 Isolate wireless access points from the internal network: It is quite common for corporate networks to have wireless access points connected to the internal wired network. It is better to create a separate network for the access points and then to isolate the network from the internal wired network using firewalls.
3 Weed out rogue access points: Access points are easy to install, and most devices with wireless access can be converted into access points. Users can install rogue access points without the network administrator’s knowledge. These nodes are obvious security risks because they may or may not be affected by measures taken by the administrator to secure the known access points.
4 Filter unauthorized Media Access Control addresses: Access points usually let an administrator limit access to devices based on MAC addresses. The administrator can specify a list of allowable devices based on their MAC addresses. The access point will then rebuff all other devices that attempt to access the network. Although not a foolproof technique, it can still keep out unsophisticated attackers.
5 Reduce the radio coverage of the wireless network: The wireless network should provide coverage only to the desired area and minimize leakage of the signal to the outside world. Configure each access point to reduce the range of its radio signal.