Wednesday, July 23, 2008

Wireless Security (Part 2)

Securing your network

As I stated in previous posts, wireless does not respect physical boundaries. Wireless signals will transmit outside your building walls to the next apartment, house or business, so the information that you transmit on your network is potentially detectable by people outside of your network.

Because wireless networks must share the air waves with other access points and wireless devices, each network uses a method to identify itself. This method uses the SSID that is programmed into the access point: the access point uses it to identify itself to network interface cards, and network interface cards use it to identify transmissions targeted to the access point. This is the name that you see when you ask for a list of available access points when you connect to a wireless access point. There are two ways to increase the security of your access point using the SSID.

The first method involves stopping the transmission of the SSID identification by your wireless access point. When you do this your access point will not show up in the list of available connections. This means that if someone does not know the name of your access point they cannot connect to it. It also means that you must use a different, manual method of connection to your network. The exact method to connect to your wireless network depends on the vendor of your wireless card and on whether you use the vendor's software to manage the connection or the software built into your OS to perform this task.

The second method involves changing the default name of your access point. All access points have a default SSID programmed into them. As an example, Linksys access points use "linksys", Netgear uses "default" and Sonicwall uses "sonicwall". If you do not change the default SSID name then you reduce the minimal security that turning off SSID identification provides. By using the default you reduce the list of possible names to a very small list, making it easy for a potential hacker to get into your network.

While turning off SSID broadcast and changing the name will keep casual users from getting into your network, it will not keep more determined hackers out of your network. Why is this, you might ask? The answer lies in the information that is used to help the access point determine if a transmission is for it. The SSID and other information is used for this, and a hacker can sniff for this information and decode it from the transmission. So by using your wireless network you are sending the information needed to connect to your network.
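Why hiding the SSID adds so little, as an added example that is not part of the original post: the parser below reads the SSID field from 802.11 management frames, and only the beacon leaves it empty. The frames, MAC addresses and the name "office-net" are constructed sample data, and the helper names are hypothetical.

```python
# Fixed-parameter bytes that follow the 24-byte header, per management subtype.
FIXED_LEN = {0: 4, 2: 10, 4: 0, 5: 12, 8: 12}
NAMES = {0: "assoc-req", 2: "reassoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (frame kind, ssid); ssid is None when the field is empty or zeroed."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = 24 + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):              # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0:                          # element ID 0 is the SSID
            hidden = length == 0 or not any(value)
            ssid = None if hidden else value.decode("utf-8", "replace")
            return NAMES[subtype], ssid
        pos += 2 + length
    return NAMES[subtype], None

def build(subtype: int, ssid: bytes, src: bytes, dst: bytes, bssid: bytes) -> bytes:
    """Build a minimal management frame (constructed test data, no radio involved)."""
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    elements = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])  # SSID + one rate
    return header + bytes(FIXED_LEN[subtype]) + elements

# Constructed addresses (locally administered) and a constructed network name.
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
CAPTURE = [
    build(8, b"", AP, BCAST, AP),                # beacon with SSID broadcast turned off
    build(4, b"office-net", STA, BCAST, BCAST),  # client looking for its saved network
    build(5, b"office-net", AP, STA, AP),        # access point's reply
    build(0, b"office-net", STA, AP, AP),        # client's association request
]

def ssids_seen(frames):
    return [parse_ssid(f) for f in frames]

if __name__ == "__main__":
    for kind, ssid in ssids_seen(CAPTURE):
        print(f"{kind:11s} ssid={ssid!r}")
```

Every frame a legitimate client exchanges while joining carries the name unencrypted, which is why the name cannot serve as the network's secret.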

As you can see, turning off SSID broadcast and changing the name of your SSID does not provide much security but it is a start. Next week I will talk about how to increase the security of your network to the next level.


 

Happy computing

Thomas Clark, CTO Elk Creek Technology Partners

Your partners in Small Business Technology

http://www.elkcreektechpartners.com/

Friday, July 4, 2008

Wireless Security (Part 1)

Why should you worry about wireless security?

Wireless can be convenient and easy to use, eliminates the need for wiring and allows you to be connected to your network without being in your office, freeing you to work wherever you want (as long as it is in range of your wireless access point). Because the wireless signal does not respect the physical boundaries of your location, wireless security is critical to the security of your data. Imagine that you have a network jack on the outside of your building that anyone could connect to and use. How would that affect your view of security?

There are people who look for free bandwidth for their computers. They will drive around, detect wireless networks and connect to them. They use high gain antennas to gather signal, so they could be further away than you would expect and still be able to use your bandwidth. In most cases they are just looking for free bandwidth; however, once they are on your network they can look for unsecured file shares and grab information from your hard disk.

Also the criminal element looks for open wireless connections and then uses the connection for illegal purposes. This can open you up to violation of the terms you agreed to when you joined your ISP, causing possible service interruption or cancelation of your service.

Because you can receive further than you transmit with wireless, your network traffic could be sniffed without connecting to your network. People could listen to your personal information as it goes out on the internet without any indication your data is being watched.

As you can see, the same attributes that make Wi-Fi so appealing to users are the ones that make it potentially insecure. You need to secure your Wi-Fi networks.

Next week I will talk a little about how to secure your wireless network.

Happy computing,

Thomas Clark, CTO
Elk Creek Technology Partners
http://www.elkcreektechpartners.com/

Tuesday, June 24, 2008

Wireless

In general wireless is more convenient and does not require additional wiring. This is a blessing for older buildings and homes that do not have the infrastructure to allow a wired connection. Wireless also allows users with laptops to connect outside of their office area. It allows the laptop to be used in the conference room as well as at the desk. In cases where a wireless connection is used to create a connection where wiring would be difficult or impossible it can be much less expensive to implement.

Despite the convenience and lower cost of wireless, it is not always a viable solution for connections to your network. The success of wireless in a particular environment depends on a number of issues. The first is the distance to the access point and the materials between the device and the access point and the amount of interference from local devices in the area such as 2.4 GHz wireless phones and other devices that emit radiation in the 2.4 GHz band. These factors determine the speed and reliability of the connections. The second is the sensitivity of an application to temporary loss of connection between the client and the server. If the application cannot tolerate any loss of connection then wireless will not work and in most cases the software vendor will not recommend or support their application in this environment. I have seen cases where a wireless connection was the cause of data loss because the connection between the device and the server was broken during a database transaction and the database was corrupted and had to be restored from the latest backup.

Notice I have not talked about security and wireless. This is a different and much more complicated issue that I will cover in a future blog.

So here is a general recommendation for wireless.

  1. Use wired connections for your network whenever possible. Only use wireless when a wired connection cannot be created or in a temporary situation where a wired connection is not available.
  2. If you are using wireless for your practice software and you are sharing the data with other computers check with the software vendor to determine the support it provides for a wireless environment. If the practice software vendor does not support a wireless environment then you should not use wireless to run your practice software. If you decide to go ahead with it anyway then beware of possible problems and less than enthusiastic support from the vendor.
  3. Wireless networking works well for general computing tasks such as web browsing, general file sharing, downloading files and downloading email. In cases like these a lost connection will not cause data loss and once a lost connection is restored you can pick up where you left off and continue to work.
  4. Never use a wireless connection to connect a server to your network.

If you need to use wireless, here are some suggestions to help improve the chances of a successful implementation.

  1. Have a plan in place for your wireless implementation. Determine where you will be using wireless and ensure that your plan takes that into account.
  2. Remove all 2.4 GHz phones and non-network wireless devices from your environment. The phones can be replaced with 5.8 GHz phones if you require this type of service.
  3. Have a network technician or engineer perform a site survey to look for interference and determine the best channel for your wireless access point. Also note that microwave ovens can radiate in these bands and are a possible source of interference for wireless network devices.

Happy Computing
Thomas Clark, CTO Elk Creek Technology Partners, Colorado Springs, CO

http://www.elkcreektechpartners.com/

Introduction

In this blog I plan to talk about issues with the installation and operation of small business technology. Some of the issues are warnings about what to avoid and some will be problems and solutions, if they exist. I will add to the blog weekly more or less depending on my schedule. I look forward to helping you be successful with your technology.

Happy Computing
Thomas Clark, CTO Elk Creek Technology Partners, Colorado Springs, CO
http://www.elkcreektechpartners.com/