


by Tom Wailgum

How to Secure Wireless LANs

Jul 01, 2006 · 2 mins
CSO and CISO, IT Leadership, Mobile Security

Tips for making wireless LANs secure

  1. Decide why you need wireless. Who will use it? For what? Quantify the costs (including security) and benefits (such as increased productivity).

  2. Publish (and publicize) network policies. The cube dweller who plugs his wireless router into an Ethernet port probably doesn’t have evil intentions. But this access point now sits behind the firewall, and most intrusion-detection systems can’t see it. Define when people can use the wireless LAN, when they can’t, and the rules for guest access, says Ellen Daley, principal analyst with Forrester Research.
  3. Always authenticate. The 802.1x standard for port-based authentication is a top tool. The protocol behind 802.1x is called EAP, for extensible authentication protocol; it uses encrypted tunnels to exchange information between device and network. According to WLAN vendor Aruba, although an intruder can monitor the exchange over the air, data inside the encrypted tunnel cannot be intercepted. EAP is used on wired networks, so it can be part of a unified network strategy. Its mutual authentication ability ensures that the network users are seeing is legit—and not a hacker’s fake access point. Other tools: client-based software from AirDefense and AirMagnet; and network admission control, or NAC, a Cisco-led authentication scheme that screens WLAN devices for malware.
  4. Encrypt well and password protect. In March, the Wi-Fi Alliance said that WPA2—the strongest encryption specification for 802.11—was required on Wi-Fi–enabled products. WPA2 stands for Wi-Fi Protected Access 2 and is the long-awaited successor to WPA (which itself supplanted the earlier wired equivalency protocol, or WEP). Turn it on. Strong user names and passwords are a must.
  5. Sniff out bad guys. New tools can detect, locate and shut down attacks before they do damage. Vendors such as Airespace (a Cisco subsidiary), Aruba, Network Chemistry and Symbol offer technologies that can detect and fend off unauthorized intruders at access points.
  6. Segregate visitors. Torrance Memorial Medical Center provides its five-building campus with 100 percent coverage, says IS Director Bill Tomcsanyi. He set up an open network for guests and a secure network with encrypted access for employees.
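
The checks behind tips 3 through 6 can be run over a wireless scan. The following is an added example, not part of the original article: it flags access points that broadcast the organization's SSIDs without being in the authorized inventory, and authorized employee access points that are not running WPA2 with 802.1x. The SSIDs, BSSIDs, security labels and scan records are all constructed assumptions.

```python
# Constructed policy and scan data; every SSID, BSSID and label here is hypothetical.
CORP_SSID = "corp-secure"    # employee network (tip 6)
GUEST_SSID = "corp-guest"    # open visitor network (tip 6)
AUTHORIZED_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
REQUIRED_SECURITY = "WPA2-Enterprise"   # WPA2 with 802.1x/EAP (tips 3 and 4)

SAMPLE_SCAN = [
    {"ssid": "corp-secure", "bssid": "02:00:00:00:00:01", "security": "WPA2-Enterprise"},
    {"ssid": "corp-secure", "bssid": "02:00:00:00:00:02", "security": "WEP"},
    {"ssid": "corp-secure", "bssid": "02:00:00:00:00:99", "security": "WPA2-Enterprise"},
    {"ssid": "corp-guest",  "bssid": "02:00:00:00:00:01", "security": "Open"},
    {"ssid": "corp-guest",  "bssid": "02:00:00:00:00:77", "security": "Open"},
    {"ssid": "CoffeeShop",  "bssid": "02:00:00:00:00:55", "security": "WPA2-Personal"},
]


def audit_scan(scan):
    """Return a sorted list of (bssid, ssid, finding) tuples for policy violations."""
    findings = []
    for ap in scan:
        ssid = ap["ssid"]
        bssid = ap["bssid"].lower()
        security = ap["security"]
        if ssid not in (CORP_SSID, GUEST_SSID):
            continue  # neighbouring networks are out of scope for this check
        if bssid not in AUTHORIZED_BSSIDS:
            # Our network name broadcast by hardware that is not in the inventory
            findings.append((bssid, ssid, "unauthorized-ap"))
            continue
        if ssid == CORP_SSID and security != REQUIRED_SECURITY:
            findings.append((bssid, ssid, "weak-encryption"))
        # The guest SSID is deliberately open, so its security mode is not flagged
    return sorted(findings)


if __name__ == "__main__":
    for bssid, ssid, finding in audit_scan(SAMPLE_SCAN):
        print(f"{finding:16} {ssid:12} {bssid}")
```

A scan from the air only sees what is broadcasting; an access point plugged into an Ethernet port under a different SSID, as in tip 2, still needs wired-side discovery.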