Articles of interest to our clients and colleagues
Networks without walls:
Wireless networks are an excellent way to extend your network quickly and inexpensively. However, a wireless network can extend your network outside of your walls...including to those guys parked in the van across the street.
Unfortunately, your wireless network can broadcast far outside your building. With a
and some widely available hacking software, anyone sitting near your installation—or even driving by—can passively (without alerting your network manager) scan all the data flowing through your network. This activity is like most hacking activity -- done mostly for bragging rights, but the potential for data corruption and service interruptions certainly exists. Industrial espionage and terrorism are unlikely, but must be considered a
So how do you reap the benefit of these technologies without encountering the risks? The technical answer is complex, so we've boiled it down to several simple guidelines:
Ban unauthorized access points.
The low cost (under $150) and the ease of installation of these wireless access points (WAPs) are a strong incentive for your "power user" employees to circumvent the IT department and install their own wireless network. The default setting on most access points is no encryption, so most of these rogue connections are totally unsecured. Be sure that your IT policies specifically prohibit the unauthorized installation of these devices and require your IT guy (or gal) to routinely sweep
for new devices that may have popped up on the network. NetStumbler is a free utility that will locate these rogue APs. Shut them down.
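One way to turn a routine sweep into a repeatable check, shown as an added example that is not part of the original article: compare each access point seen in a site survey against the inventory of APs that IT installed, and flag anything unknown or running without encryption. The inventory, the survey rows and the CSV column layout are constructed for illustration and are not the export format of NetStumbler or any other tool.

```python
import csv
import io

# Constructed inventory of APs installed by IT (BSSID -> SSID); not real devices.
AUTHORIZED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
}

# Constructed survey data. The column layout is an assumption for this example.
SAMPLE_SURVEY = """bssid,ssid,encryption,location
00:11:22:33:44:01,CorpNet,128-bit,2nd floor east
00-11-22-33-44-02,CorpNet,none,2nd floor west
AA:BB:CC:00:00:10,linksys,none,accounting
aa:bb:cc:00:00:11,CorpNet,none,lobby
"""

def normalize(bssid):
    """Canonical MAC form so 00-11-.. and 00:11:.. compare equal."""
    return bssid.strip().upper().replace("-", ":")

def audit(survey_text, authorized):
    """Return (bssid, ssid, location, [issues]) for every AP needing follow-up."""
    known = {normalize(b): s for b, s in authorized.items()}
    corp_ssids = set(known.values())
    findings = []
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid, ssid = normalize(row["bssid"]), row["ssid"].strip()
        issues = []
        if bssid not in known:
            # Not in the inventory: someone other than IT installed it.
            issues.append("unauthorized")
            if ssid in corp_ssids:
                # Unknown hardware announcing the company's network name.
                issues.append("uses-corporate-ssid")
        elif known[bssid] != ssid:
            issues.append("ssid-changed")
        if row["encryption"].strip().lower() in ("", "none", "open"):
            issues.append("no-encryption")
        if issues:
            findings.append((bssid, ssid, row["location"], issues))
    return findings

if __name__ == "__main__":
    for bssid, ssid, location, issues in audit(SAMPLE_SURVEY, AUTHORIZED):
        print(f"{bssid}  {ssid:<10} {location:<16} {', '.join(issues)}")
```

An authorized AP can still appear in the findings, as the second sample row does, when it has been left at the unencrypted default.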
Control your broadcast area.
WAPs are essentially FM radio transmitters and receivers, and their radio waves easily pass through walls and floors. Make sure that the APs are located as high as possible in a central location and away from doors and windows. The signal should just barely reach your exterior walls. Obtain permission from your neighbors to walk through their space with a laptop and measure your signal strength. Don't forget to check the offices above and below you!
Use strong encryption and secure your access points.
Be sure that all APs have a strong administrative password (I bet at least one of your APs has the password ADMIN) and that you are using 128-bit encryption. Standard 64-bit encryption can be defeated in a few hours using a laptop running code-breaking software. Cracking a 128-bit key will take several weeks, long enough for your attacker to get frustrated and go elsewhere.
If you are really concerned, call in the pros.
If you have a lot of confidential or sensitive data running through your network, you would be well advised to seek the advice of a professional data security firm. However, sophisticated wireless security systems tend to be very expensive and complex. Alternatively, you may be better served by a totally hardwired network and a prohibition on all wireless data transfers. Be certain to continue to perform Guideline One on a daily basis.