Wednesday
Oct102007
Wireless security — WEP is not your friend.
Wednesday, October 10, 2007 at 1:00PM
So I've talked about how to start doing a basic security audit for yourself or your company. I think I'd like to answer a few questions that I get about wireless security now. Wireless is both a boon and a bane to the computing and technology world. When I talk about wireless here, I'm referring to wifi, 802.11b/g/n -- not cellular wireless.
The best part of wireless is that it's wireless. I know that sounds like a stupid, useless fact but it's something to keep in mind while working with this technology. Wireless can be accessed outside of where you think the signal ends. Most people who implement wireless feel that they don't need to enforce any security because they put the access point in their office or their house so only they can access it. Wireless bleeds out the windows, the doors, and straight through the walls. Someone with a high gain antenna should have no issue picking up a wireless signal over a mile away as long as they have line of site.
Second, WEP is not a secure standard. Yes, it looks secure since it has to be 5 or 13 characters but it's truly not. Following some simple instructions, which can be found via Google and at SecurityFocus, a person can hack a WEP key in a few minutes. This means that they can have access to your personal or commercial network and take control of your information or worse, take your information. Identity theft is on the rise and there is no better time than now to protect yourself.
There are many great ways to help protect yourself while using wireless. I've listed a few below along with some more information about how to implement each one.
Well, hopefully this has been helpful to you. Let me know what types of ways you use to protect your wireless LANs.
Helpful Informational Links:
The best part of wireless is that it's wireless. I know that sounds like a stupid, useless fact but it's something to keep in mind while working with this technology. Wireless can be accessed outside of where you think the signal ends. Most people who implement wireless feel that they don't need to enforce any security because they put the access point in their office or their house so only they can access it. Wireless bleeds out the windows, the doors, and straight through the walls. Someone with a high gain antenna should have no issue picking up a wireless signal over a mile away as long as they have line of site.
Second, WEP is not a secure standard. Yes, it looks secure since it has to be 5 or 13 characters but it's truly not. Following some simple instructions, which can be found via Google and at SecurityFocus, a person can hack a WEP key in a few minutes. This means that they can have access to your personal or commercial network and take control of your information or worse, take your information. Identity theft is on the rise and there is no better time than now to protect yourself.
There are many great ways to help protect yourself while using wireless. I've listed a few below along with some more information about how to implement each one.
- Use WPA or WPA2 instead of WEP -
There are many different ways of using WPA or WPA2. TKIP and AES encryption are two of the simplest ways of protecting yourself. Most wireless APs and routers can accomplish this already and it's easier to remember a long pass-phrase (such as iLoveToProtectMyWirelessConnection) than it is to think up a 5 or 13 character phrase like needed in WEP. - Place your access point(s) in strategic places
While you don't want to place your APs so out of the way they can't give you proper signal, you also don't want to install your APs on the windows of your buildings. There is a restaurant where I live that has their AP directly in the window. This allows me access to their wireless anytime I want. A great tool to check wireless signals is call VisiWave Site Survey. It's not free but it does produce outstanding reports to see just where your signals go. - Use a VPN server
While you can always attempt to protect your wireless network, using a VPN server to connect after getting on your wireless will encrypt and save your data from prying eyes even after they have broken into your wifi. Many companies already have VPN servers setup for remote access in so you could use this same server to get from your wireless into your LAN.
Well, hopefully this has been helpful to you. Let me know what types of ways you use to protect your wireless LANs.
Helpful Informational Links:
Reader Comments (1)
[...] along the way. When I learn a new WEP cracking method (not that people don’t know about the insecurities of WEP anyway) or of a new great service online for scheduling events, I let people [...]