Department of Information Technology | Security Tips: wireless network security

| Metro State Home | Information Technology Home |

Services
Help Desk
Training
MetroConnect
Procurement
Faculty Services
Web & Instructional Technology
MetroNet
Policies

Computer Labs
Information
Services
Hours
Policies
Contact

Security
Information Security
MetroProtect
Security Policies
Security Forms
Virus Alerts

Office of the CIO
Chief Information Officer
Management Team
Staff

Security Tips: wireless network security

The internet is now over 35 years old, but wireless computer networking isn't nearly as old and the technical standards are still being developed. In addition to all of the same security risks that a wired network has, wireless networking introduces a few additional security problems.

Many wireless networks (Hot Spots) do not require any kind of authentication or encryption. Therefore, anyone with a wireless laptop computer is able to monitor all of the communications that take place on these wireless networks. Some networks still use the obsolete Wireless Equivalent Privacy (WEP) to encrypt communications but newer wireless networks now support the stronger more secure WPA (Wi-Fi Protected Access) and WPA2 to encrypt wireless network connections.

Because of security issues, users should avoid conducting on-line banking or other confidential communications across a wireless network unless the wireless connection is encrypted and additional encryption, such as SSL or IPSec, is also being used. The Auraria Campus wireless network does not perform user authentication or encryption at this time. Encryption, user authentication, and additional services may be provided over the Auraria Campus wireless sometime in the future.

Wireless networking is so easy to set up that it is often set up without a Company's knowledge and in violation of the Company's security policies. It was through an unauthorized mis-configured wireless access point that lead to the big TJX security breach in 2006. Be sure to get permission from your Company's IT department before you set up a wireless network. At Metro State, the Division of Information Technology is solely responsible for the deployment of wireless access points connecting to the College network.

Wireless networking can be made more secure by following these simple guidelines:

Only use equipment that is 'Wi-Fi Certified'. See: http://certifications.wi-fi.org
Change the default name (SSID) of your wireless network. Consider using a long silly name for your SSID.
Change the default management password on the wireless access router.
Position the wireless access point away from outside windows and as close to the center of your intended coverage area as possible.
Enable WPA2 or WPA encryption if your equipment supports it. Otherwise, enable a WEP key. Use the largest encryption number your equipment can support.
Require additional authentication and encryption by a firewall or other gateway.
There is very little security benefit from disabling SSID Broadcasting or enabling MAC address filtering.
Disable "Ad-hoc" networking in the wireless configuration on your laptop.
Turn off the wireless network on your laptop when you are not using it.