Aujas Networks Private Limited
Blog Home |Careers | Contact | Sitemap
 
   
   
 
Download
 
Aujas in the news
Aujas launches Phishing Diagnostic Services
Launches its first solution targeted towards addressing People Risk. Read More >>
  
 
Know More
Call us at +91 80-40528257 Request more  information
Call us at +91 80-40528257 Call us at +91-80-40528527
Aujas Blog Blog
Aujas Security Newsletter Security Newsletter
Aujas RSS Feeds RSS Feed
News & Events
Press
News
Events
Videos
 
Home > News & Events > News

News
Tips for Securing Your Wi-Fi Networks
By Manjula Sridhar, Dec.04, 2008

As of this writing, the state of Wi-Fi security is alarmingly weak as measured by the survey conducted by Deloitte in Mumbai, one of the financial hubs.

The key findings as quoted from the survey are:
"Of the 6729 wireless networks seen, 36% appeared to be unprotected i.e. without any encryption, 52% were using low level of protection i.e. Wired Equivalent Privacy (WEP) encryption. Balance 12% was using the more secure Wi-Fi Protected Access (WPA). This makes 88 % of the observed wireless networks relatively easy to compromise."
 rao

In a Wi-Fi scenario, security can be compromised in two ways:
  • Your Modem or Router getting hacked into
    • In this scenario issues arise from the fact that external entities will try to get into your network by hacking into the Wi-Fi signal of your enterprise. Another serious issue is when a rogue Access Point (AP) that can be set up in your Enterprise's physical vicinity with a stronger signal, can redirect your employees to connect to that AP.
  • Your Employees connecting to Rogue Access Points
    • The second situation usually arises out of your employees traveling with the laptop and connecting to various public networks. This could happen from connecting to rogue AP, insecure AP or a peer to peer network from an ad hoc user.
The following are the measures that should be undertaken to address these issues.

1. Protection from Hackers connecting to your network
Wi-Fi security can be protected by measures depending on the budgetary resources, time constraints and network infrastructure needs. Usually layered security works best and a well thought out plan needs to developed.

2. Sanity Measures
Secure the modem/router itself with some strong user name and password for administration access. Physical security is also a factor to consider if needed. Change the default SSID to something appropriate, but that doesn't add too much to security as this gets broadcast.

3. Encryption/Privacy
Wi-Fi at this point in time provides three ways of encryption namely WEP, WPA and WPA2. WEP and WPA are known to be insecure. Please use WPA2 as the encryption option. It provides two modes personal or enterprise mode. Personal or pre-shared key mode (PSK) is easier to configure and doesn't need additional infrastructure. However this may not be suitable for stringent security measures. In Enterprise mode, WPA gets integrated with AAA server based on RADIUS and EAP (extensible authentication protocol). But this requires additional investments in AAA server.                                                                                                                | Top |

4. Use Wireless Intrusion Prevention Systems
As you see the security measures mentioned above have some issues that still need to be addressed and managed. For stringent security needs it is better to invest in a Wireless Intrusion System that not only takes care of the above issues including the following.

Rouge AP's masquerading as Enterprise Wi-Fi Router / Evil Twin attack
  • "Unauthorized association"
  • "Adhoc networks"
  • "MAC spoofing"
  • "Denial of Service"
  • "Man in the middle attacks"
  • " Monitoring and Alarm generation"
5. Protection from Rogue APs
Rouge AP security issues could arise from a rogue AP lurking around your office and from your employees outside your office accessing APs for internet access. While WIPS can address the issue of rouge IP in the neighborhood of Enterprise WLAN, issues of mobile workforce still needs to be addressed.

6. Awareness and Policy enforcement
The first step is making sure that your mobile workforce is aware of the Wi-Fi security issues. It needs to be enforced by guidelines and policies that establish the W-Fi access rules. Some sanity measures that needs to be employed by the mobile workforce are
  • "Disable Wi-Fi while not using internet"
  • "Turning off AdHoc networks so that peer to peer connections won't happen"
  • "Connecting to only secure and authorized Wi-Fi APs"
  • "When using public APs limit the internet activity to browsing and avoid accessing sensitive information"
  • "Use VPN based access for sensitive applications"
Further these need to be extended to all mobile devices that provide Wi-Fi access such as mobile phones, laptops and blackberries.

7. Install Personal Firewalls on Enterprise Laptops
Many newer firewalls exist which safeguard laptops from connecting to Rogue APs and enforce rules and guidelines. These will also make sure VPN is used for accessing the internet.

8. Conclusion
Finally security is never a onetime activity. Continuous monitoring and management are required to take care of churn, new vulnerabilities, patch management and other dynamic events. Make sure your regular security audits cover the Wi-Fi aspects in depth.                                                                                                                | Top |

Source:http://www.cxotoday.com/India/CXO_Views/Tips_for_Securing_Your_Wi-Fi_Networks/551-96029-1006.html
   
 
 
© 2009 Aujas Networks Private Limited. All Rights Reserved.
Terms of Use | Privacy		 About Us | Services | Solutions | Industries | Clients | Partners | Insights | News & Events