Securing Your Private Wireless Network

Securing Your Private Wireless Network

blog
It has been all over the news lately that corporations and even government computer systems have been broken into. While this is happening, sensitive data is being stolen and leaked onto the Internet or used to distribute company secrets. This is the nightmare of every head of network security in the world at this time as well as for home users and telecommuting workers all around the globe. When careful attention is paid to trends in the news and through specialty publications that focus solely on network security, there is a far better chance of keeping protocols up to date and avoiding any significant breaches. Within this article, the focus will be on Wireless LAN securityand the various pitfalls and methods currently in use that has proven to be reliable.

Closed Networks

Most networks will be a closed system of one flavor or another. It can be a home network where a user does personal banking or a telecommuting employee whose laptop is like the best friend and travelling companion. The most common example of a closed network is a home network or a small organization or company network. It is those that we will be focusing on in this article. When configuring this setup, the most effective point of security will be the access point itself. Through the access point, there is access to options that will govern how information is sent and received and at what level of encryption. There are a few options available to ensure this; some are more effective than others. There are some methods of network protection like WIPS that will require more physical hardware.

They are:
  •     MAC address screening
  •     Using a Wireless Intrusion Prevention System
  •     Use of a Captive Portal
  •     Use of a secure VPN

MAC Address Screening

The best option is to require MAC address screening and to disable ESSID broadcasting entirely. The combination of these two precautions makes the network connection itself difficult to detect by outsiders let alone to initiate information theft. This option does not require the purchase of additional hardware or software and is configurable through the router gateway itself. This is the most popular choice and will be the option that most people require without additional steps. There are those individuals and organizations whose networks require more security though and the following options are available to them. Most often these options below are used by those who conduct work from home or for those who telecommute and may be anywhere in the world.

Use of a Wireless Intrusion Prevention System

In a nutshell, a wireless intrusion prevention system (also known as WIPS) is simply a network device that scans the wireless signals for unauthorized access point and then begins the process of locking them down and sending a notification through an instant messaging (IM) system or a pop-up or page to the currently on duty network administrator. This is an additional piece of equipment and the cost can vary from couple hundred dollars to many thousands, depending on the size of your network. Most private residences and networks will not have this protection unless they tend to work from home and are in a high security IT-related field.

Use of a Captive Portal

This is a fairly common approach taken by small businesses who either offer wireless access for its customers only, or for those who sell wireless access by the hour, day, week etc, like hotels. A captive portal turns the web browser into an authentication site that all traffic is driven to before having access to the entire network in order to provide authentication through a guest password, receipt number or payment type and only when those forms of identification are met, will a user have access to the entire network. This security will most often be seen at hotels, coffee shops and other places where customers might spend a usable amount of time with their laptops while enjoying the location they are at. Many city parks now have such wireless access, in fact.

Use of a Secure VPN

The use of a virtual private network, or more commonly called a VPN, is found most often with telecommuting workers who need access to the company’s entire network and applications, but on a secure line. Think of a VPN as a secret passage way through the World Wide Web, which protects the user from eavesdroppers and those who would virtually pick your pockets by stealing bits of private and valuable data while the user exchanges information between your network and your personal mobile computer.

In the past, companies would spend lots of money to lease telecommunications lines in order to ensure that their network was shut off from the internet. With the resurgence of VPN (for it is decidedly much not new technology) companies have the option to cut costs significantly, take some of the weight off of their likely over-worked IT network administration team and offer their workers a bit more in the way of flexibility when it comes to the location in which they choose to work.

When all is said and done, network security is becoming one of the world’s hottest topics because of how fast technology is moving along. In some cases, it is developing faster than there are ways to be found to protect one’s self from the privacy shredding changes that are being made. From cell phones having tracking and GPS abilities that make your information available to the manufacturer to programs that track your usage under the guide of a “customer experience improvement” program, there is no dearth of new learning available for those who choose the career of network security professional. There is also much to learn for the small corporate and home users.

When choosing a method of wireless security for a closed wireless network, the options are out there. Making certain that the settings are correct and hardware is installed right should fall to a network security professional. This will ensure that slight mistakes do not make your network open to those who would relish the secrets that your network will share with its users. Once implemented, you can be rest assured that the information shared on the network will remain safe, and out of the hands of those who are no better off than they should be.