How to secure your wireless network
I'm now a contributing editor for TechNet Magazine. Everyone with a TechNet subscription automatically receives it; if you don't have one, you can still get the magazine free. The magazine's published three issues so far: Winter 2005, Spring 2005, and November-December 2005. You'll especially enjoy the "Hacking" series in the first issue, where Jesper writes up his "Anatomy of a hack" conference session that always seems to score a hundredth of a point or so higher than me! (LOL) Good news: the magazine is increasing its frequency; it'll be bimonthly through June 2006, then monthly after that.
Anyway, in the November-December 2005 issue, I've co-written (note I don't say "co-authored"; "author" is not a verb!) with Kathryn Tewson an article on wireless security for the Security Watch column. We describe the threat, some wireless security basics, how not to secure a wireless network (hint: bogus advice regarding SSIDs and MAC addresses figures prominently here), and details on access control and encryption. We also describe three common scenarios.
Read through the article for information on the various technologies and our recommendations -- which is pretty simple these days: WPA or WPA2 are really the only logical choices. While you're at it, subscribe to the magazine, too. I think you'll enjoy it. Look for more articles of mine in the magazine over time; for the January-February 2006 issue, I'll have an article describing VPN quarantine (just sent it to the editors today, actually).
Comments
Anonymous
January 01, 2003
Great post, explained really well and I could really understand. Thank you.Anonymous
November 12, 2005
The comment has been removedAnonymous
November 12, 2005
Interesting article Steve.
I like the approach you have taken on it. It simplifies a lot of the myths about wireless and is clear and concise.
I have passed it on to a few clients who have taken one look at it and very quickly realised their mistakes.
Not only are the corporate networks at risk, but wireless in the home is becoming a much bigger fad.
I know that one ISP in Australia was distributing a "Great Deal" ADSL and Wireless router where all the SSID's were the same, no security was on it, and of course, a great free for all :)
Just the thing for all the mums and dad, a cheap service, wireless for the home, and the wardriver or hacker sitting in their street sniffing their credit card number or reading that word file off their pc with all their confidential information in it....
GregAnonymous
December 08, 2005
Concise and covers some good stuff. There is often a fourth type of 'attack' on your wireless network for home users... It's the accidental one. In apartments and close housing it happens all the time. And while not secure from anyone looking to purposely use your wireless APs, hiding your SSID and filtering MACs can help prevent this. Not a hard thing to maintain either if you only have a few PCs and use vendor software/drivers. And I'm not saying they shouldn't do more, but here is a real actual case in point (my sisters retired neighbor): small apartment with 1 PC and an earlier wireless card with only WEP support (no firmware update for it). F&P disabled on the PC (which is on an UPS and always on), but was worried about close neighors hitting his AP and using his Internet access. The AP is fairly new and supports guest mode. With that enabled, the SSID hid, and the one MAC address allowed from the locked down PC, he isn't too worried about having to wait until the end of the month to afford a newer wireless card. The guest/isolation mode by itself would help lots of home users that have no desire to share anything between their many PCs... that just wants Internet Access... while not protecting them from bandwidth theft, it is an easy thing for home users to enable and at least keep neighoring eyes of their PCs.