Wireless Communication Security - a common sense approach

By: Eduardo R. Zayas-Quiñones

[Home][Strong Passwords][Personal Firewall Security][Backup my PC?][About computer viruses][Wireless Security]


What is Wireless Communication?

Wireless communication is the combination of some of the fastest growing technologies for the transmission of data in Local Area Networks (LANs) over the air - hence their name Wireless Local Area Networks (WLANs). The creation of wireless technology standards in 1999 has contributed in great part to their growth - the low cost of the required components and the achieved transmission rates makes it a technically sound and economically feasible solution for small to large scale businesses.

Security and the Wireless Network

In addition to the already existing array of contemporary security issues plaguing companies and individuals who use the Internet, WLAN technologies introduce an even greater array of weaknesses which can be exploited in order to gain unauthorized access to information as it is transmitted from one device to another over WLANS and even while it is stored on computer systems.

Because transmission of information is usually not contained within the physical confines of an office, it is vulnerable to interception. This is important to you if maintaining the confidentiality of your business or personal information is important to you. Some may wonder what could be so confidential about one's personal data that eavesdropping by others could pose a threat. The answer to this question is credit card numbers, electronic checking transactions and other financial account data which could be used to defraud you and/or others by impersinating you. Later on I will discuss some common sense strategies you can use to minimize the risk of such occurence.

Another risk is that of someone using your network conection. While you may not care whether someone uses resources you have paid for, it may not be such a nice arrangement when the unauthorized user consumes most of your bandwith or when someone changes the configuration on your router to bring down your network.

Typical Small Office Components and Configuration

Whether your business is based in an office or at home some of the components are common to all types of WLANs. Take a look at the diagram below.

Normally, you access the Internet through the use of a cable or DSL connection - years ago I used ISDN but this type of service is seldom used these days. Your cable or DSL service provider will very likely offer different service level (speed) and equipment options. Insome cases you may choose to lease a cable or DSL modem or you may choose to purchase your very own. Regardless of which option you choose, the cable or DSL modem is where you begin connecting the rest of your WLAN. Over the past few years I have seen great improvement on the features incorporated into Cable/DSL routers. My first such device enabled interconnection of several computers using ethernet cable connections on a separate switch or hub. Today, I use a Linksys Wireless-B Broadband Router with a built-in 4 Port Switch. Using this device we can access the Internet from our laptops using either built-in 802.11 wireless technology (common to most new laptops on the market), installed 11-G wireless cards or our ethernet-based desktop computers. In addition, a Wireless print server lets us connect serial and USB based printers. Our wireless router serves as a "Wireless Access Point" too - its firmware includes a firewall and a fairly easy to use user interface to configure it.

Securing your WLAN - Some common-sense configuration options we can use to provide a reasonably measure of security for your WLAN

Change your Wireless Router's default SSID name and password configuration

This is one of the greatest weaknesses and threats to WLANs as many individuals install the devices and never bother to change default factory settings for SSID name and administrator password. The reason for this is simply that default wireless router passwords and Service Set Identifiers (SSIDs) are well known and can therefore be used by unauthorized individuals to make modifications to your network and even shut it down. SSIDs consist of a sequence of alphanumeric characters (letters or numbers) and can have a maximum length of 32 characters. Change the default SSID on your wireless router and password.

Disable SSID Broadcast

Most wireless routers will let you reset their configuration to prevent SSID transmission. This way, someone who just happens to be looking for the presence and availability of WLANs by finding SSID transmissions will not easily detect the presence of your network. The SSID on wireless clients can be set manually, so even though your network is not advertising its identity by entering the proper SSID into the client network settings, you can access and authenticate into the WLAN.

Enable Encryption

Most Wireless routers can be configured to enable WEP Encryption. WEP stands for Wired Equivalent Privacy, a security protocol for wireless local area networks defined in the 802.11b standard. I have seen two versions of the protocol, 64 and 128 bit. WEP is designed to provide some level of security to a wired LAN. IWhile perhaps not the most robust of available encryption protocols and can not guarantee end-to-end security. However, 128-bit WEP encryption can along with other secure configuration measures provide reasonable security for your WLAN.

Restrict the number of IP's allowed and their range

Most wireless routers will let you determine the number of ip addresses allowed at anyone time to use the router and their range. If you use only 7 addresses on your network then by specifying 7 to be the maximum number you are in effect disallowing that additional unauthorized connection onto your WLAN. While this is not a full-proof method of deterring unauthorized or rogue connections on your WLAN along with other configuration measures can help strengthen the security posture of your wireless network.

Setup Access Restrictions

Many wireless routers will let you restrict which computers can connect based on their MAC addresses. Configure your wireless router to allow ONLY those MAC addresses specified by you to access your WLAN.

While each of these measures is not sufficient in providing total security to your WLAN, their combination will help create a more secure environment by mitigating many of the risks and threats associated with wireless networking.


[Home][Strong Passwords][Personal Firewall Security][Backup my PC?][About computer viruses][Wireless Security]

Copyright © 2002-2006 Ed Zayas