Wireless Network Security
Why It's Important
Wireless networking is so easy to set up that it is often set up without a Company's knowledge and in violation of the Company's security policies. It was through an unauthorized misconfigured wireless access point that led to the big TJX security breach in 2006. Be sure to get permission from your Company's IT department before you set up a wireless network. At MSU Denver, the Division of Information Technology is solely responsible for the deployment of wireless access points connecting to the university network.
The internet is now over 35 years old, but wireless computer networking isn't nearly as old and the technical standards are still being developed. In addition to all of the same security risks that a wired network has, wireless networking introduces a few additional security problems.
Many wireless networks (Hot Spots) do not require any kind of authentication or encryption. Therefore, anyone with a wireless laptop computer is able to monitor all of the communications that take place on these wireless networks. Some networks still use the obsolete Wireless Equivalent Privacy (WEP) to encrypt communications but newer wireless networks now support the stronger more secure WPA (Wi-Fi Protected Access) and WPA2 to encrypt wireless network connections.
Because of security issues, users should avoid conducting on-line banking or other confidential communications across a wireless network unless the wireless connection is encrypted and additional encryption, such as SSL or IPSec, is also being used. The Auraria Campus wireless network does not perform user authentication or encryption at this time. Encryption, user authentication, and additional services may be provided over the Auraria Campus wireless sometime in the future.
What You Can Do About It
Wireless networking can be made more secure by following these simple guidelines:
- Only use equipment that is 'Wi-Fi Certified'. See: http://certifications.wi-fi.org
- Change the default name (SSID) of your wireless network. Consider using a long silly name for your SSID.
- Change the default management password on the wireless access router.
- Position the wireless access point away from outside windows and as close to the center of your intended coverage area as possible.
- Enable WPA2 or WPA encryption if your equipment supports it. Otherwise, enable a WEP key. Use the largest encryption number your equipment can support.
- Require additional authentication and encryption by a firewall or other gateway.
- There is very little security benefit from disabling SSID Broadcasting or enabling MAC address filtering.
- Disable "Ad-hoc" networking in the wireless configuration on your laptop.
- Turn off the wireless network on your laptop when you are not using it.