Wireless networks require the same security measures as
conventional networks, and then some. The same issues that concerned you in the
non-wireless realm should still concern you with wireless networks and devices:
Keep the encryption strong, keep the certificates in place, and keep doing
security.

Wireless security isn’t a matter of different
security, it’s a matter of more security.

Here are the most common security oversights and how you can
avoid them.

1. Don’t breach your own firewall

You’ve almost certainly firewalled the network, wireless or
not, and rightly so. However, you’ve done yourself no good if your
configuration doesn’t place your wireless system’s access points outside the
firewall. Make sure it does—otherwise you’re not only failing to create a
necessary barrier, you’re creating a convenient tunnel through one that was
already there.

2. Don’t spurn Media Access Control

Media Access Control (MAC) address filtering is often ignored because it’s not
spoof-proof. But it is another brick in the wall: It’s essentially another
address filter, and it clogs up the works for the potential hacker. It limits
network access to registered devices that you identify on address-based
access control rosters.

MAC also gives you an opportunity to turn the tables on the potential
intruder. Consider that the intruder must knock on the door before being
denied.

If you have MAC in place, the intruder must bump into it
before realizing it’s there, and then must regroup to get past it. And now your
network knows what the intruder looks like. So think of your MAC list as
creating three classes of visitors: first, friendly entities that are on the
MAC list; second, unknown entities that are not on the list and who knock by
mistake; and third, entities who aren’t on the list but are known because
they’ve tried to get in before, uninvited, and are now instantly identifiable
if they approach again.

In short, if you monitor your wireless network and watch for
multiple attempts at access by entities not on the MAC list, you’ve spotted a
potential intruder, and he won’t know you’ve seen him.
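
The monitoring described above, as an added example that is not part of the original article: it sorts the stations seen in an access point's association log into the three classes of visitor. The log format, the `sta=` field, the sample addresses and the threshold of three attempts are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data: a hypothetical AP log format, not a real product's.
ALLOWED = {"00-11-22-33-44-55"}
SAMPLE_LOG = """\
09:00:01 ap1 assoc-request sta=00:11:22:33:44:55
09:02:10 ap1 assoc-request sta=02-AA-BB-CC-DD-01
09:02:40 ap1 assoc-request sta=02:aa:bb:cc:dd:01
09:03:05 ap1 assoc-request sta=02aa.bbcc.dd01
09:07:30 ap1 assoc-request sta=02:AA:BB:CC:DD:02
"""

MAC_RE = re.compile(r"sta=([0-9A-Fa-f.:-]{12,17})")

def normalize_mac(raw):
    """Reduce colon, hyphen or dotted notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify(log_text, allowed, threshold=3):
    """Map each station in the log to 'friendly', 'unknown' or 'repeat'."""
    allowed = {normalize_mac(m) for m in allowed}
    attempts = Counter()
    for line in log_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        try:
            attempts[normalize_mac(match.group(1))] += 1
        except ValueError:
            continue  # malformed address field: skip the line
    result = {}
    for mac, count in attempts.items():
        if mac in allowed:
            result[mac] = "friendly"   # on the MAC list
        elif count >= threshold:
            result[mac] = "repeat"     # keeps knocking: worth a closer look
        else:
            result[mac] = "unknown"    # off the list, possibly a mistake
    return result

if __name__ == "__main__":
    for mac, label in sorted(classify(SAMPLE_LOG, ALLOWED).items()):
        print(mac, label)
```

Normalizing the address notation before comparing matters: the same station written with hyphens, colons or dots would otherwise be counted as three different visitors and never reach the threshold.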

3. Don’t spurn WEP

The Wired Equivalent Privacy (WEP) is a protocol specific to
wireless security, conforming to the 802.11b standard. It encrypts data as it
goes wireless, over and above anything else you’re using. Use it. But remember
that it is key-based, so don’t stay with the default key. You may even wish to
create a unique WEP key for individual users when they first access the system.
Yet don’t rely on WEP alone. Even multiple layers of encryption don’t make you
hack-proof, so use WEP in combination with other wireless-specific security
measures. (For more insight on WEP, check out this TechRepublic article, “Use WEP to improve security
on your wireless network.”)

4. Don’t allow unauthorized access points

Access points are incredibly easy to set up, and an
over-burdened IT department might easily loosen the rules to allow them
to be set up on an as-needed basis by anyone smart enough to run a VCR. But
don’t succumb to this temptation. The access point is a primary target for an
intruder. Implement a deployment strategy and procedure, and stick to them.

What’s involved in such a strategy and procedure? First, you
must carefully outline the correct guidelines for positioning an access point
and be certain that anyone deploying an AP has those guidelines on hand. Second, you
must have a procedure in place for noting the presence of the AP in your
wireless network configuration for future reference, and appropriately
distributing or making available the revised configuration. And regardless of
who sets up the AP, have another person double-check the installation as soon
as it’s convenient. Is this a lot of trouble to go to? Yes. And security
penetrations due to rogue APs or leaky ones are even more trouble.

5. Don’t permit ad-hoc laptop communication

This is a tough one to enforce in any enterprise. Ad-hoc mode
lets Wi-Fi clients link directly to another nearby laptop, which is so darned
convenient, you just can’t imagine not using it.

As part of the 802.11 standard, ad hoc mode permits your
laptop’s network interface card to operate in an independent basic service set
configuration. This means that it can go peer-to-peer with another laptop via
RF. When you’re in ad hoc mode, you can spontaneously form a wireless LAN with
other laptops. At face value, this is such a cool trick that none of us can
resist trying it out. But understand up front that it permits access to the
entire hard drive of the laptop; if you enable it and forget that it’s enabled,
your fly is open for all the world to see.

And the danger isn’t only to your open machine. An intruder
can also use the networked laptop as a doorway into the network itself. If you
leave your machine in ad hoc mode and somebody sneaks in, you haven’t just
exposed your personal machine, you’ve exposed the entire network.

Avoid this risky habit by never letting it develop in the
first place. Just accept that it isn’t worth the risk.

If you’ve got more questions about wireless security, visit TechRepublic’s
Spotlight on Mobile Wireless Security.