our company | our solutions | custom applications | secure hosting | managed services | technology consulting | news | contact us | home
 
Articles
Listen to Radio Interview
Evolving Threat
Evolving Threat Webinar
Addressing the Top 5 IT Concerns for Financial Advisory Firms
What Are You Doing to Stop Security Saboteurs?
Commonwealth boosts security with Pragmatix Gold Contract
A Tech World
Controlling the IT, Compliance Strain
Is Wireless Safe?
Send hackers packing: Education and data security - prepare for potential problems
Disaster Recovery and Continuity: What Every Business Owner Needs to Know
IT Watch/Disaster Recovery (IE only - video inside)
Disaster Recovery Made Easy
What small-business owners should know about e-mail
Selecting a Web Hosting Provider
Print Media - Buy, Build, or Both?
Press Releases
4/25/08 IBM Recognizes Pragmatix as Leader for Small Business Solutions
03/17/08 VAI Teams with Pragmatix to Expand Software as a Service Customer Base
10/16/07 Pragmatix Expands Services with BlackBerry® Support
ARCHIVE >>
 

Is Wireless Safe?
By BILL ABRAM
As seen on SmartBiz.com
August 21, 2006

Networked laptops and other devices enable employees to work remotely and provide better service to customers and prospects. There is a downside, however: Insecure systems can cripple your business.

Is Wireless Safe?
Westchester County, NY recently annouced legislation (to take effect in October) that will require businesses on a wireless network to provide security to that network’s users. A test conducted by the County’s CIO resulted in the identification of 248 wireless networks that were vulnerable to security breaches.

A network without security is only as good as its weakest point. Once a network has been breached, the damage inflicted can be crippling. Whether the intent is to steal sensitive data or wreak havoc, Trojan horses or other malicious code can remain undetected for months. While intrusion detection software can serve as an early warning in most cases, the best hacks may go completely undetected until it’s too late.

It Can Happen to You
Of course, recent headlines about data security breaches all over the world speak for themselves. For instance, in one of our nation’s largest security breaches, about 2.2 million active-duty military, Guard and Reserve members were victims of identity theft as a result of a stolen laptop computer. The data included addresses, phone numbers, addresses, birth dates, Social Security numbers and names.

More stories abound: Transaction information from 1.4 million credit cards was stolen from DSW. Checking account numbers and driver license numbers were also obtained from 96,000 checks. CNN.com reported that the national police website of Sweden was shut down after a possible hacker attack.

Viva Le Difference
In order to properly understand how to secure a network, it is first important to understand the differences between a wired network and a wireless network. A wireless network is fairly easy and relatively inexpensive to set up. It uses no wires, but instead radio waves that allow users to access the network without “plugging in.”

A wired network is the “traditional” network setup, with which many of us are familiar. It involves one or more computers that utilize Ethernet cables, routers, hubs, switches and modems. It requires that the computers be plugged in to an Ethernet port to communicate with each other.

Wireless systems, increasing in popularity, may soon become the norm. When securing a wired network, the most important security component is a firewall – a system that prevents unauthorized access from a private network. No network should exist without a guard from online spies. The following steps will ensure a safe network if implemented properly:

  • A DMZ should be created for forward-facing servers to keep them separate from other parts of the network.
  • Create a separate network for users and servers to make it harder for users to inadvertently cause server problems.
  • Enact network authentication to keep unauthorized users from plugging in.
  • Disconnect Ethernet ports not being used; this will discourage unauthorized visitors from accessing your trusted network.
  • If possible, enforce logon times via the network OS, so users are not logging on when they should not be.

Of course, security in a wireless network differs from that of a wired network, primarily because anyone can log onto a wireless network. The following steps should be considered when evaluating the safety of a wireless network:

  • Purchase a wireless router or access point with WPA encryption. WPA was created in response to several weaknesses inherent in the previous security system - WEP
  • Enable WPA on the wireless router for encryption; WEP is still usually the default, so make sure you enable WPA or WPA2.
  • If the router or access point SSID is set to broadcast its presence, it is akin to an invitation for entry.
  • The network encryption pass phrase should be lengthy and include special characters, such as $ or *, plus a combination of letters and numbers.
  • Setting up a firewall between a wireless network and a more secure wired network is imperative. Every client computer on the network should have a software firewall installed, such as Norton personal Firewall, the Windows XP Professional SP2 Firewall, or the Sygate Personal Firewall.
  • The wireless network should be limited to the specific MAC for the network computers.
  • Try not to store sensitive data on any computer using a wireless network; they are inherently less secure then a wired network.
  • Limit ports and protocols to segregate potential traffic that may access different internal networks from less secure wireless networks.
  • Do not allow access into more secured networks where servers reside without first authenticating against a VPN server.
  • Always consider anything on a wireless network suspect; never keep any information on a wireless network that would cause problems if stolen.
  • Make sure your wireless network does not allow traffic to pass through the internal network to reach the internet. Due its inherent broadcast nature, a wireless network should be treated as a DMZ.

The Bottom Line
Network security is imperative to all businesses. A company’s longevity depends on it. Customers do not want to conduct business with a company that might compromise the security of their personal information. Not only is it difficult to remain competitive when trade secrets are published online, but what happens if data gets into the hands of competition? Lastly, when a system is breached, negative publicity surrounding that event can compromise future revenue potential.

With the appropriate amount of planning and diligence, a wireless network can be as secure as wired one. Since courts and legislators are increasingly holding corporations to a higher standard when it comes to safeguarding sensitive data, perhaps the large fines due to security breaches will prompt business leaders to focus on the safety and security of their customer data.

Some Terms to Know
It may seem like alphabet soup, but there are some key terms related to wireless safety. Here is a sample:

  • DMZ: Demilitarized Zone. A sub-network that sits between a trusted internal network and an untrusted external network.
  • WPA: Wi-Fi Protected Access encryption; WPA was created in response to weakness inherent in the previous security system, WEP .
  • WEP: Wired Equivalent Privacy.
  • SSID: Service Set Identifie. All wireless devices attempting to communicate with each other must share the same SSID.
  • MAC: Media Access Control.
  • VPN: Virtual Private Network.

        Copyright 2008 Pragmatix 565 Taxter Road, Elmsford, Westchester County, NY 10523 P: 914-345-9444
Pragmatix Services | Pragmatix IT Solutions | Clients | About Pragmatix | Contact Us | Privacy | Site Map