Going Wireless? Windows of Opportunity or Doors of Entry?
If you haven't heard about Wireless Access Points [WAPs in the world of wireless], then you probably haven't visited your nearby computer store recently. Once in use by only a relative few, wireless networks are popping up in offices and in home networks. The potential and convergence of 802.11b with emerging 2.5G and 3G technologies into 4G will lead the way for companies to take a serious look at a LAN that offers anyplace, anytime access to information. The first part of 2001 saw strong growth in the wireless market. Wireless networks are easy to use, easy to install and easy to configure. The recent news that the Institute of Electrical and Electronics Engineers (IEEE) Task Group's 802.11b wired equivalent privacy (WEP) security protocol is less secure than originally thought, as well as the impact of September 11th, caused a slowdown in growth. At the same time, the ability to set up Wireless LANs quickly after disasters has led some companies to keep them in their plans. Users are currently willing to trade off the security gaps for the mobility that Wireless LANs provide.
Personally I have set up a WAP in my home to have the ability to access the Internet and my home server [yes, I have a Microsoft Small Business Server set up in my home to fully test software in this environment before implementing it at my office], and network resources such as laser jet printers, color printers and other devices. It provided me with the ability to have access to my DSL connection on a laptop that is downstairs. I have an older home so that I would have had to install the Ethernet cable in the walls [or rather my Father would have had to], and I would have had to identify the place in the downstairs where I would have had to permanently place the Ethernet connection. With the wireless connection, I can connect from anywhere in the house, and can even still access the network resources while walking out the front door and even into the backyard. Admittedly, I do look a bit foolish walking around the front yard carrying around a laptop! Connected Home Magazine http://www.connectedhomemag.com has several resources on wireless LAN installations in a home environment.
Low cost and the fact that wireless is very easy to set up have made wireless networking easy to adopt. But this also means that wireless networking is often set up without the appropriate security. RSA Security recently chartered a study in London that showed that 67 percent of Wireless LANs have no security. Other surveys in New York, Boston and San Francisco showed that 50 percent of the wireless LANs had security and 50 percent did not. Many of the companies that had Wireless LANs deployed also had large budgets allocated and spent on firewalls and VPNs to keep out unwanted users, but in a sense had a welcome mat out at the back door.
Wireless security must address the same elements that typical security does: privacy, authentication, and access control. In many of the existing 802.11 products, 128-bit encryption is available. At all costs, you should avoid any product that only offers 40-bit encryption.
You should be aware that the 802.11b WEP is known to be insecure. Therefore, if you plan to utilize wireless for critical data, you should take additional measures; you cannot rely on the wireless product by itself for protection of sensitive data.
Here are some suggestions for additional security layers:
1. Use WEP to encrypt data while in transit. If you are going to transmit, you will need to look into end-to-end security to protect that data.
2. Walk your property to determine how far your Wireless Access Point actually transmits and document this.
3. Change all defaults such as the default access point service set ID.
4. Disable the broadcast SSID feature.
5. Change the SNMP default community strings [passwords]. This is recommended as well due to a potential vulnerability that was identified by SANS with devices that use SNMP.
6. It is highly recommended that you only install Wireless Access Points that have MAC [machine access control level - ethernet] address authentication to ensure that only those devices will utilize the WAP.
7. Consider disabling DHCP [dynamic host configuration protocol] on that WAP. DHCP by design makes it easy for outside clients to obtain connection information.
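The checklist above can be checked mechanically. This added example, which is not from the original article, audits an access point settings export against items 1 and 3 through 7 (item 2 needs a physical walk); the key=value format, every key name and both sample exports are assumptions constructed for illustration.

```python
DEFAULT_SSIDS = {"default", "linksys", "tsunami"}  # sample factory SSIDs; extend for your hardware
DEFAULT_COMMUNITIES = {"public", "private"}        # common SNMP factory community strings
ON, OFF = {"on", "yes", "enabled", "1"}, {"off", "no", "disabled", "0"}

def parse_config(text):  # 'key = value' lines into a dict; '#' starts a comment
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg

def audit(cfg):  # returns (checklist item, problem) pairs; a missing setting counts as unsafe
    get = lambda key: cfg.get(key, "").lower()
    findings = []
    if get("wep") not in ON:
        findings.append((1, "WEP is not confirmed on"))
    elif not get("wep_key_bits").isdigit() or int(get("wep_key_bits")) < 128:
        findings.append((1, "WEP key is shorter than 128 bits"))
    if get("ssid") in DEFAULT_SSIDS | {""}:
        findings.append((3, "SSID is missing or still a factory default"))
    if get("ssid_broadcast") not in OFF:
        findings.append((4, "SSID broadcast is not confirmed off"))
    for key in ("snmp_read_community", "snmp_write_community"):
        if get("snmp") not in OFF and get(key) in DEFAULT_COMMUNITIES | {""}:
            findings.append((5, key + " is missing or a default"))
    if get("mac_filter") not in ON or not get("mac_allow_list"):
        findings.append((6, "MAC address authentication is not enforced"))
    if get("dhcp_server") not in OFF:
        findings.append((7, "DHCP server is not confirmed off"))
    return findings

# Constructed sample exports in a hypothetical format: a factory-fresh unit and a hardened one.
FACTORY = """ssid = linksys
wep = on
wep_key_bits = 40
snmp_read_community = public
dhcp_server = on"""
HARDENED = """ssid = bldg2-wlan   # site-specific name
ssid_broadcast = off
wep = on
wep_key_bits = 128
snmp = off
mac_filter = on
mac_allow_list = 00:00:5e:00:53:01, 00:00:5e:00:53:02
dhcp_server = off"""

for name, text in (("factory", FACTORY), ("hardened", HARDENED)):
    print(name, audit(parse_config(text)) or "no findings")
```

Settings absent from the export are reported rather than assumed safe, which is why the factory sample is flagged for SSID broadcast and MAC filtering even though it never mentions them.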
RSA and Hifn have a proposed fix to the WEP encryption and most WLAN vendors should be releasing a patch based on this.
Bottom line: as with any network technology, you must spend time investigating and examining the risks and opportunities.
For more information check out the February edition of InfoSecurity Magazine and these resources: http://www.3com.com http://www.alvaka.net http://www.instat.com http://www.entersys.com http://www.enterprisemanagement.com http://www.esecurityonline.com http://www.fortresstech.com http://www.gnc.com http://www.hifn.com http://www.integralis.com http://www.iss.net http://www.netmotionwireless.com http://www.netseal.com http://www.nomadix.com http://www.prime-uk.com http://www.pumatech.com http://www.rsasecurity.com http://www.safewww.com http://www.signaservices.com http://www.systemexperts.com http://www.utimaco.com