Upgrading and Repairing Networks (5th Edition)

Using wireless technology opens up the possibility of security breaches. Thoroughly read the documentation that comes with your choice of devices to find out what kind of security features can be enabled. It's probably best to associate the wireless network adapters you buy with one or more access points, depending on the work habits of the user. Also note that many devices come with default settings and that these are known to anyone who owns a similar device or who cares to look up the information on the Internet. For example, you might be required to designate a password or group name for each wireless adapter that matches the one used by the access point. This assignment is usually done using a direct connection to the router and filling in a few HTML forms.

Similarly, a configuration CD or utility comes with most wireless adapters enabling you to modify their configuration to match that of the access point.

Change any default settings used to match up wireless adapters and access points to use a value other than the default. Use the security features of your operating system to monitor wireless users. For example, I'd be more concerned with a Windows 2000 user's resource access permissions if the client computer uses a wireless network card than I would if it were wired directly to the network. Keep in mind that Wi-Fi devices can implement the Wireless Equivalency Protocol (WEP) for security. However, the weaker 40-bit key used by WEP doesn't provide a lot of security. Some wireless networks can be configured to encrypt using a stronger 128-bit WEP key, but even this level of encryption is vulnerable to a number of workarounds. It should suffice for most situations because in most situations you don't expect someone to be attempting to tap into your network. However, where security is a critical issue, WEP in its present form isn't something you should bet your business on.

The Wi-Fi Alliance has already released specifications for a successor to WEP. The Wi-Fi Protected Access standard is more secure and most vendors are expected to provide software/firmware to upgrade older models to use this new security functionality. Considering the value of data, buying WPA or adding it at a later time is probably a good idea. Remember that it's easier to eavesdrop on a wireless network because you don't have to make any connections to a cable, as in a wired network. Radio waves are out there for anyone within range of your technology to pick up. So, keep security in mind and look for WPA when buying new devices.

The Protected Access standard will provide a more secure encryption algorithm and enhanced user authentication. The latter was a very weak point for WEP. Next in line for wireless security is the IEEE 802.11i standard.

You can learn more about wireless security in Chapter 24, "Other Wireless Technologies."

In any case, it's easy to set up auditing for important resources and to review them using the Event Viewer in Windows 2000 and Server 2003. No matter how safe you think your network is, there's no excuse for not auditing (and checking the audits) to ensure that your security measures are working. Looking for such things as a large number of login failures can alert you to someone trying to break into your wireless network. Unix and Linux (using the syslog utility) can also be used to look for system auditing information. The syslog utility can be configured to also send alerts, by email and other means, so that you can be informed quickly of any possible security breaches (or attempts).

For more information about auditing, see Chapter 47, "Auditing and Other Monitoring Measures."
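The login-failure check described above can be automated against syslog output. The following is an added example, not code from the book: it scans syslog lines for bursts of failed logins per source address, assuming OpenSSH-style "Failed password" messages, and the threshold, window, default year and sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in traditional syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 09:14:01 gw sshd[811]: Failed password for invalid user admin from 192.0.2.44 port 50112 ssh2
Mar  3 09:14:05 gw sshd[813]: Failed password for invalid user admin from 192.0.2.44 port 50113 ssh2
Mar  3 09:14:09 gw sshd[815]: Failed password for root from 192.0.2.44 port 50114 ssh2
Mar  3 09:14:12 gw sshd[816]: Failed password for alice from 198.51.100.7 port 40221 ssh2
Mar  3 09:14:15 gw sshd[818]: Failed password for root from 192.0.2.44 port 50115 ssh2
Mar  3 09:14:21 gw sshd[820]: Failed password for invalid user test from 192.0.2.44 port 50116 ssh2
Mar  3 09:14:30 gw sshd[822]: Failed password for invalid user guest from 192.0.2.44 port 50117 ssh2
Mar  3 09:15:02 gw sshd[825]: Accepted password for alice from 198.51.100.7 port 40222 ssh2
Mar  3 11:40:10 gw sshd[990]: Failed password for bob from 198.51.100.7 port 40410 ssh2
"""

# Assumed message format: OpenSSH "Failed password" lines as written via syslog.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port \d+"
)


def find_bursts(lines, threshold=5, window=timedelta(minutes=2), year=2004):
    """Return {source: peak failure count} for sources with at least
    `threshold` failed logins inside any sliding `window`."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated messages are ignored
        # Traditional syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks


if __name__ == "__main__":
    for src, count in find_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {count} failed logins from {src} within 2 minutes")
```

A user who mistypes a password once or twice, like the second source in the sample, stays under the threshold; only the rapid run of failures from a single address is reported.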

Another cause for concern is that wireless networking enables the computer to be mobile. A user can take his computer home. Although you might be able to stop users from downloading prohibited Internet files at work, you can't always police what they do at home. It's a simple matter to pop out the wireless networking adapter and pop in a modem (or better yet, simply use a wireless access point at home also, because it is so inexpensive). As with any computer that leaves the company premises, a regular audit of software on the system should be performed, and your security policy should state what the computer can, and cannot, be used for. Of course, this should be a standard procedure for all computers on your network.
