Wireless Security

The fundamentals to ensuring your wireless network is secure are:

  • Encrypt your data with WPA2 / WPA
  • Limit access to known clients
  • Consider teleworker VPNs to remote sites

 

Why secure a Wireless network?

Open, unsecured Wireless networks can be accessed by anyone that can find them. If you’re running a wireless network without securing it, then it is possible that 3rd parties can access data on your network, or use your connection for their own ends.

If a 3rd party uses your connection it is going to contribute towards your usage allowance and potentially give them access to your personal data.

Any use of your Internet connection is your responsibility – so it’s important to make sure you’re secure.

You will find specific guides for configuring your security elsewhere, below is a general list of steps you can take to protect your Wireless network.

Wireless Encryption

The majority of Wireless networking equipment supports the Wired Equivalent Privacy (WEP) encryption protocol. WEP was introduced in 1997; in 2001 weaknesses were found that allow attackers to gain access to WEP encrypted networks. The use of WEP encryption is therefore not recommended, and if your wireless equipment supports it, we recommend using WPA2 or WPA.

In order to implement WPA2/WPA encryption, both ends of the connection must support it (i.e both router and Wireless client). For clients that rely on the Wireless Zero Configuration service built in to Windows (or which simply use the Windows wireless client), support is available for WPA2/WPA by downloading updates from Microsoft’s support site.

If your not sure about your wireless security, contact us to book a review.

Mac OS users will need to run Panther (Mac OS X 10.3) or later in order to use WPA2/WPA encryption with their Airport or Airport Extreme hardware.

Who should consider using encryption?

Whilst encryption will add an overhead (extra data having to be transmitted between router and client) and therefore decrease overall speed of connection slightly, we would still strongly recommend it is employed by anyone implementing a wireless network. Interception of unencrypted data allows an attacker to read anything that you are sending between your client and router. If you use (for example) online banking, then the benefits of encrypting the data are clear.

VPN connections provide a significantly higher level of encryption, and also provide the added benefit of using equipment other than your Wireless Access Points or Clients to encrypt and decrypt data. Using a VPN to transmit data to and from a remote site adds a further level of security for tele-workers using wireless connections in addition to wireless encryption.

Limit Access to Trusted Clients

Each Network Interface card (including Wireless client adapters, Access Points and Routers) has a serial number assigned to it at production – this is called a MAC address.

A MAC address is always in the form of a 12 digit Hexadecimal value. For example, 00-4-05-B9-DF-E3

It is rare for a device to allow a MAC address to be changed, hence it is useful in identification purposes to limit access to your Wireless network to recognised Wireless client adapters. Most Access Points or Wireless Routers allow you to limit access to known MAC addresses.

If you need to find out a MAC address in Windows this can be done by opening a Command Prompt and typing:

ipconfig /all

Then press Enter. The Wireless device or Network card will be listed. The MAC address is referred to as the Physical Address.

On Apple OS 10.x you can find this information by opening and running the Networks Utility. This can be found by clicking Go -> Applications -> Utilities -> Network Utility.

Select Info and pick the appropriate Ethernet Interface. The MAC address will be displayed below, titled “Hardware Address”.

Who should consider limiting access to trusted clients/MAC addresses?

Most users of Wireless networking should limit access to trusted clients. Exceptions may be made when your Wireless network is being provided for use by different people – including guests.

Hiding your SSID

The SSID, or Service Set Identifier, is the name designated for a specific Wireless network.
Whilst hiding it may stop casual identification, it won’t stop anyone trying to access your wireless network.

If your not sure about your security or all this talk about MAC addresses and ipconfig is confusing, give us a ring on 01239 712345 or email info@telemat.co.uk