CAMBRIDGE, Mass. -- With common sense and a basic understanding of how wireless security works, an enterprise can...
keep its wireless LAN protected from intruders using the security standards and practices available today.
During "Wireless Hacking Exposed," a session hosted by the Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), Steve Rampado, a senior manager of enterprise risk services for Deloitte and Touche LLP, said a wireless network can become far more secure simply by implementing a few minor changes when establishing the network.
Make it simple
At first glance, many of the security precautions -- like changing default passwords and IP addresses -- appear to be something that an IT department would implement automatically. However, Rampado said 30% to 40% of ISACA clients do not change the configuration of their service set identifier (SSID), which is in essence the name of the network.
The SSID is actively broadcast by the network's access point, and is the first part of the discovery process for a hacker attempting to find unsecured wireless networks.
"Disable [SSID], there is no valid reason for broadcasting it … by preventing that discovery, you lessen your chances of becoming a target of opportunity," he said.
As an example of how the underground community has set about identifying open networks, Rampado brought up the act of "war chalking," or marking, the sidewalk outside of a building that's home to an exposed wireless network access point so that others can tap in.
Money for nothing
In one other instance of gross wireless negligence, Rampado said 80% of his clients have installed out-of-the-box wireless routers on their internal networks. He said that essentially bypasses all the time and money many companies spend on firewalls and intrusion prevention systems.
"What you now have is a direct path right into the internal network," Rampado said. "In some cases, they still had the [Dynamic Host Control Protocol] server -- which hands out IP addresses on the internal network-- enabled so you're giving the hacker his own IP address."
The solution, he said, is to put the device outside of the firewall and treat it as an untrusted device, as you would a Web server.
Making the LEAP
Other small but important tips for securing a wireless network included radio frequency management. Poor RF management, Rampado said, will lead to unnecessary transmission to unwanted areas.
For instance, Rampado said he was able to access the wireless network of a Fortune 500 client from a park bench that was two miles away from the company's building.
A final security feature that is integral to a secure wireless network is encryption. Rampado said that even weaker encryption like Wired Equivalent Privacy (WEP), which has only one Web key, is better than nothing, and offers a first line of defense for the network.
For more robust, enterprise-caliber security, Cisco's Lightweight Extensible Authentication Protocol (LEAP) offers encryption with minimal performance hits.
Rebecca Chien, a senior auditing specialist with the Prudential Financial Group, said her company has not yet adopted wireless technology, but there was interest among those in higher management.
Chien said, at present, there were far too many security concerns with wireless technology, especially with sensitive financial transactions.
FOR MORE INFORMATION:
Get Lisa Phifer's advice on configuring SSIDs.
Download our white paper on wireless hacking.