US-CERT Cyber Security Tip ST05-003 -- Securing Wireless Networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                           Cyber Security Tip ST05-003
                           Securing Wireless Networks

   Wireless networks are becoming increasingly popular, but they
   introduce additional security risks. If you have a wireless network,
   make sure to take appropriate precautions to protect your information.

How do wireless networks work?

   As the name suggests, wireless networks, sometimes called WiFi, allow
   you to connect to the internet without relying on wires. If your home,
   office, airport, or even local coffee shop has a wireless connection,
   you can access the network from anywhere that is within that wireless
   area.

   Wireless networks rely on radio waves rather than wires to connect
   computers to the internet. A transmitter, known as a wireless access
   point or gateway, is wired into an internet connection. This provides
   a "hotspot" that transmits the connectivity over radio waves. Hotspots
   have identifying information, including an item called an SSID
   (service set identifier), that allow computers to locate them.
   Computers that have a wireless card and have permission to access the
   wireless frequency can take advantage of the network connection. Some
   computers may automatically identify open wireless networks in a given
   area, while others may require that you locate and manually enter
   information such as the SSID.

What security threats are associated with wireless networks?

   Because wireless networks do not require a wire between a computer and
   the internet connection, it is possible for attackers who are within
   range to hijack or intercept an unprotected connection. A practice
   known as wardriving involves individuals equipped with a computer, a
   wireless card, and a GPS device driving through areas in search of
   wireless networks and identifying the specific coordinates of a
   network location. This information is then usually posted online. Some
   individuals who participate in or take advantage of wardriving have
   malicious intent and could use this information to hijack your home
   wireless network or intercept the connection between your computer and
   a particular hotspot.

What can you do to minimize the risks to your wireless network?

     * Change default passwords - Most network devices, including
       wireless access points, are pre-configured with default
       administrator passwords to simplify setup. These default passwords
       are easily found online, so they don't provide any protection.
       Changing default passwords makes it harder for attackers to take
       control of the device (see Choosing and Protecting Passwords for
       more information).
     * Restrict access - Only allow authorized users to access your
       network. Each piece of hardware connected to a network has a MAC
       (media access control) address. You can restrict or allow access
       to your network by filtering MAC addresses. Consult your user
       documentation to get specific information about enabling these
       features. There are also several technologies available that
       require wireless users to authenticate before accessing the
       network.
     * Encrypt the data on your network - WEP (Wired Equivalent Privacy)
       and WPA (Wi-Fi Protected Access) both encrypt information on
       wireless devices. However, WEP has a number of security issues
       that make it less effective than WPA, so you should specifically
       look for gear that supports encryption via WPA. Encrypting the
       data would prevent anyone who might be able to access your network
       from viewing your data (see Understanding Encryption for more
       information).
     * Protect your SSID - To avoid outsiders easily accessing your
       network, avoid publicizing your SSID. Consult your user
       documentation to see if you can change the default SSID to make it
       more difficult to guess.
     * Install a firewall - While it is a good security practice to
       install a firewall on your network, you should also install a
       firewall directly on your wireless devices (a host-based
       firewall). Attackers who can directly tap into your wireless
       network may be able to circumvent your network firewall--a
       host-based firewall will add a layer of protection to the data on
       your computer (see Understanding Firewalls for more information).
     * Maintain anti-virus software - You can reduce the damage attackers
       may be able to inflict on your network and wireless computer by
       installing anti-virus software and keeping your virus definitions
       up to date (see Understanding Anti-Virus Software for more
       information). Many of these programs also have additional features
       that may protect against or detect spyware and Trojan horses (see
       Recognizing and Avoiding Spyware and Why is Cyber Security a
       Problem? for more information).
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder, Matt Lytle
     _________________________________________________________________
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-003.html>

     Copyright 2005 Carnegie Mellon University

     Terms of use

     <http://www.us-cert.gov/legal.html>
 
 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQgE3NRhoSezw4YfQAQI0MQgAhGDFYW1OjFMaP1oi5ex+extt6hPQZX9H
qyIBnC+RHRKan2sZeQofwiiyQJtJILLXSQf+0bheHqvF8zNwdciFxlovDXis6IEK
7TxbTbApDtVfsiyOCOa4xSyDW3TFqzWJEBZeiKdi9tcBIz2mR57Ijf8P+uJA86A3
nURXfs3L/+SsyNIwK80HkFLhxh06q7nEWgQ6qlN5rMSpWOZO6T9ZqimHMueUT88M
tP8Xofti/OWjCuwq2U13DISz5gRFXJkHvW6wTusXey2AnDNoSDoLB5TQstu8f/AM
x1fBeoZYGJK7dsVdN6fUt0/jUX5xOgSr5Q8XvFAA7WgL/29Z65aQDQ==
=OIJa
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux