Wireless Networking: a Security Nightmare

As I type this, I have offers from 4 nearby wireless access points to connect. My laptop tells me that two are named "linksys," one is the name of a business, and one appears to be gibberish. None of the access points have encryption enabled. Keep in mind I am not looking for these sites, they are broadcasting their existence and identity to me, offering me a connection - a digital "Welcome" mat. How many could I find if I were actually trying to locate access points?

That is the main problem with wireless networking - you cannot control who has access to your network. Couple that with the vulnerabilities inherent to wireless protocols, and you have a security nightmare on your hands.

In the new information age, corporate network users have come to depend on unlimited access to network resources, the Internet and email, no matter where they are in the building. Wireless conveniently delivers this technology. It is easy to set up, inexpensive, and offers flexibility previously unavailable to the corporate world. For home and home office users, wireless offers the ability to take your work with you around the house - even outside on a nice day. No doubt about it: wireless enhances productivity.

As convenient and appealing as this flexibility is, the ugly truth is that wireless presents companies with a host of problems.

At minimum, a wireless network consists of two devices: a computer with a wireless network card and a wireless access point that this computer connects to. The access point has a distinct Service Set Identifier (SSID) that it broadcasts to anyone within several hundred feet. If there are multiple access points to choose from, a client computer typically associates with the one that has the strongest signal. Once an association occurs, the client computer can connect to the network if it has a valid IP address. Sometimes the client is even given an IP address by the access point through DHCP (Dynamic Host Control Protocol).

Most manufacturers ship their wireless hardware with the security controls disabled. Why? Because that makes it easier to set up and reduces their service calls. Unfortunately, in a default setting, anyone in the area can connect to a wireless network.

Due to the insecurity of wireless protocols, there is no way to make your wireless network absolutely secure. You can, however, reduce your exposure and risk by following five relatively simple steps:

  1. Change the default SSID and admin password on your access point. Don't use something personally identifiable. If I am a hacker trying to break into ABC company, and near their building my wireless device finds an SSID named "ABC Company", my job is a lot easier.


  2. Don't broadcast the SSID. Most access points give you the ability to disable the broadcast of the SSID. That makes it more difficult to find a wireless network. For instance, if someone were searching for a wireless network in my area they would not know that mine even exists since I do not broadcast my SSID.


  3. Turn off DHCP. DHCP is another convenience feature - it hands out an IP address to anyone who asks for one. Once you turn off DHCP, you can specify a range of addresses to use for your computers, which a hacker would need to guess or otherwise determine.


  4. Turn on MAC (Media Access Control) address filtering. Each wireless network card has an address hard-coded into it by the manufacturer. Your access point will give you the ability to only accept connections from certain MAC addresses. You then tell the access point to only accept connections from your MAC address.


  5. Turn on WEP (Wired Equivalency Protocol). While it is certainly not perfect, WEP encrypts the data sent between your wireless card and access point using a shared key. It also denies connections to clients who are not in possession of the shared key.
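
The five steps above can be checked across an inventory of your own access points. The script below is an added example, not part of the original article; the inventory columns, the sample rows and the organisation name "ABC Company" are constructed for illustration.

```python
import csv
import io

# Constructed inventory of your own access points. Column names are
# assumptions made for this example, not any vendor's export format.
SAMPLE_INVENTORY = """\
ap,ssid,admin_password_changed,ssid_broadcast,dhcp,mac_filter,wep
lobby,linksys,no,on,on,off,off
floor2,ABC Company,yes,on,off,on,on
lab,k7q-net,yes,off,off,on,on
"""

# "linksys" is the default seen in the article; the others are illustrative.
DEFAULT_SSIDS = {"linksys", "netgear", "default"}

# (step, column, bad value, finding) for the on/off settings in steps 1-5.
SETTING_CHECKS = [
    (1, "admin_password_changed", "no", "admin password still at default"),
    (2, "ssid_broadcast", "on", "SSID is being broadcast"),
    (3, "dhcp", "on", "DHCP hands out addresses to any client"),
    (4, "mac_filter", "off", "MAC address filtering is disabled"),
    (5, "wep", "off", "WEP is disabled, traffic is unencrypted"),
]


def audit_ap(row, org_name):
    """Return a list of (step, finding) tuples for one access point."""
    findings = []
    ssid = row["ssid"].strip().lower()
    if ssid in DEFAULT_SSIDS:
        findings.append((1, "SSID is a factory default"))
    # Step 1 also warns against an SSID that identifies the owner.
    words = [w for w in org_name.lower().split() if len(w) > 2]
    if any(w in ssid for w in words):
        findings.append((1, "SSID identifies the organisation"))
    for step, column, bad, finding in SETTING_CHECKS:
        if row[column].strip().lower() == bad:
            findings.append((step, finding))
    return findings


def audit_inventory(text, org_name):
    """Map each access point name to its findings."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["ap"]: audit_ap(row, org_name) for row in reader}


if __name__ == "__main__":
    for ap, findings in audit_inventory(SAMPLE_INVENTORY, "ABC Company").items():
        print(ap, "OK" if not findings else "")
        for step, finding in findings:
            print(f"  step {step}: {finding}")
```

An access point with an empty findings list has all five steps applied; it is still subject to the protocol weaknesses the article describes.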


There are also vendor-specific security tools that can be implemented to further increase security (typically for an additional fee). You should check with your manufacturer on this topic. However, keep in mind that since there are no standards in place governing wireless security, there is no interoperability between vendor security solutions.

Sometimes it is possible to limit your exposure by turning down the signal strength of the access point. That will reduce the area of the signal broadcast, and thus your chances of a wireless attack. If you can't reduce the signal strength in your access point, consider placing it centrally in your home or building such that the signal only covers the areas you need without excess.

Spend time thinking of the implications of wireless to your network. And don't relax just because you don't have a wireless network in place. Do any of your users have wireless at home? Do you provide these users with remote access to office applications or a VPN? If the answer to these questions is yes, not only is your corporate network connected to a wireless network, it is likely wide open to anyone with a wireless card. Sounds scary? It is.

While the future will no doubt bring security enhancements to wireless, the implementation that is most widespread today is the very insecure 802.11b. Before adding it to your network, put some serious thought into how wireless will affect your security. Don't sacrifice security for convenience - it will always come back to haunt you in the long run.



About Webfargo Data Security

Webfargo was formed in 2001 by veterans of the Research Triangle technology industry to provide proactive security services and information protection solutions that empower companies to develop and enforce security policies, set and attain security objectives, monitor and respond to network events, and protect intellectual property and critical data in the enterprise and e-business. Webfargo is self-funded and has been profitable since its inception.


For more information visit www.webfargo.com, or call (919) 281-0175.