- May 10, 2010
- Posted by: Paul Avolio
- Category: Information Technology
Wireless is one of those double edged swords: it can serve a great function, but if it is not done right it can leave your systems open and vulnerable.
The upside of wireless networking is eliminating one more cable. You also have certain conveniences like working from a conference room without having to hunt for a data cable, working from a coworker’s desk on your own laptop while they work from their computer or even working from the outdoor patio for a bit so you get to see at least a little sunshine during the day. And all of this without having to string cables for people to trip over.
The downside to this wonderful convenience is that if you don’t have it setup correctly you leave your company open to attack. In 2007 TJX (the parent company of TJ Maxx and Marshalls) found out the hard way that having outdated security on your wireless networks is not a good idea. Hackers breached the TJX network through wireless access points on their network that were configured with the WEP (Wired Equivalency Protocol) encryption standard. This standard had been cracked and considered untrustworthy in 2004, but TJX was slow to update its policies and systems. Because of this slow adoption of newer standards, hackers were able to access the company network from the parking lot of a Marshalls’ department store and over a period of time made off with the credit card and personal information of more than 45 million customers.
Now, imagine if your business’s wireless network does not even have that level of encryption enabled. Without securing your wireless network with a password anyone within range can access unsecured files on your computers. They can even monitor the traffic on your network to steal and crack passwords that would allow them to get further into your systems. Not to mention they can use your internet access, reducing your internet speeds.
I am not telling you all this to scare you into purchasing some bit of hardware or software that costs thousands of dollars or that takes hours and hours of consulting time to setup. I am telling you because you can enable security that (with a long password) is currently secure against all but the most extreme circumstances. In less than 5 minutes you can enable this security on whatever wireless device you have at the office or at home. If it does not have the options I am about to tell you then you have had it for over 5 years and it is time to replace it anyway.
What you want to look for is called WPA (Wi-Fi Protected Access) encryption or WPA2 (the newer, stronger version of WPA). WPA requires a password of at least 8 characters, the more the better. There are two options for WPA: personal and enterprise. The enterprise option requires setting up certificates on every computer. Certificates are digital files stored on the computer that act sort of like keys or giant passwords. These offer an even higher level of security with the trade off of requiring more management than just entering a password. WPA Enterprise can be a good way to manage large wireless networks because it is a lot harder for someone to get a hold of the certificate than it is to get the password from another user.
Of course if security is of the utmost importance you might consider if wireless is worth any risk. If you do have needs for wireless there are ways to allow wireless access to the internet or only to specific internal resources without exposing your entire network. For instance, we have setup systems for many companies that allow wireless access in their conference room with little or no security for their employees and clients to use, but that access is for internet use only and is not connected to any internal servers or resources.
I hope this helps you to carefully consider the pros and cons of wireless access at the office. I am sure if you don’t already know the answer you will soon be checking to see what level of encryption (if any) your network is setup for.