-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA1<br /><br /><br /> Cyber Security Tip ST05-003<br /> Securing Wireless Networks<br /><br /> Wireless networks are becoming increasingly popular, but they<br /> introduce additional security risks. If you have a wireless network,<br /> make sure to take appropriate precautions to protect your information.<br /><br />How do wireless networks work?<br /><br /> As the name suggests, wireless networks, sometimes called WiFi, allow<br /> you to connect to the internet without relying on wires. If your home,<br /> office, airport, or even local coffee shop has a wireless connection,<br /> you can access the network from anywhere that is within that wireless<br /> area.<br /><br /> Wireless networks rely on radio waves rather than wires to connect<br /> computers to the internet. A transmitter, known as a wireless access<br /> point or gateway, is wired into an internet connection. This provides<br /> a "hotspot" that transmits the connectivity over radio waves. Hotspots<br /> have identifying information, including an item called an SSID<br /> (service set identifier), that allow computers to locate them.<br /> Computers that have a wireless card and have permission to access the<br /> wireless frequency can take advantage of the network connection. Some<br /> computers may automatically identify open wireless networks in a given<br /> area, while others may require that you locate and manually enter<br /> information such as the SSID.<br /><br />What security threats are associated with wireless networks?<br /><br /> Because wireless networks do not require a wire between a computer and<br /> the internet connection, it is possible for attackers who are within<br /> range to hijack or intercept an unprotected connection. A practice<br /> known as wardriving involves individuals equipped with a computer, a<br /> wireless card, and a GPS device driving through areas in search of<br /> wireless networks and identifying the specific coordinates of a<br /> network location. This information is then usually posted online. Some<br /> individuals who participate in or take advantage of wardriving have<br /> malicious intent and could use this information to hijack your home<br /> wireless network or intercept the connection between your computer and<br /> a particular hotspot.<br /><br />What can you do to minimize the risks to your wireless network?<br /><br /> * Change default passwords - Most network devices, including<br /> wireless access points, are pre-configured with default<br /> administrator passwords to simplify setup. These default passwords<br /> are easily found online, so they don't provide any protection.<br /> Changing default passwords makes it harder for attackers to take<br /> control of the device (see Choosing and Protecting Passwords for<br /> more information).<br /> * Restrict access - Only allow authorized users to access your<br /> network. Each piece of hardware connected to a network has a MAC<br /> (media access control) address. You can restrict or allow access<br /> to your network by filtering MAC addresses. Consult your user<br /> documentation to get specific information about enabling these<br /> features. There are also several technologies available that<br /> require wireless users to authenticate before accessing the<br /> network.<br /> * Encrypt the data on your network - WEP (Wired Equivalent Privacy)<br /> and WPA (Wi-Fi Protected Access) both encrypt information on<br /> wireless devices. However, WEP has a number of security issues<br /> that make it less effective than WPA, so you should specifically<br /> look for gear that supports encryption via WPA. Encrypting the<br /> data would prevent anyone who might be able to access your network<br /> from viewing your data (see Understanding Encryption for more<br /> information).<br /> * Protect your SSID - To avoid outsiders easily accessing your<br /> network, avoid publicizing your SSID. Consult your user<br /> documentation to see if you can change the default SSID to make it<br /> more difficult to guess.<br /> * Install a firewall - While it is a good security practice to<br /> install a firewall on your network, you should also install a<br /> firewall directly on your wireless devices (a host-based<br /> firewall). Attackers who can directly tap into your wireless<br /> network may be able to circumvent your network firewall--a<br /> host-based firewall will add a layer of protection to the data on<br /> your computer (see Understanding Firewalls for more information).<br /> * Maintain anti-virus software - You can reduce the damage attackers<br /> may be able to inflict on your network and wireless computer by<br /> installing anti-virus software and keeping your virus definitions<br /> up to date (see Understanding Anti-Virus Software for more<br /> information). Many of these programs also have additional features<br /> that may protect against or detect spyware and Trojan horses (see<br /> Recognizing and Avoiding Spyware and Why is Cyber Security a<br /> Problem? for more information).<br /> _________________________________________________________________<br /><br /> Authors: Mindi McDowell, Allen Householder, Matt Lytle<br /> _________________________________________________________________<br /> <br /> This document can also be found at<br /> <br /> <http://www.us-cert.gov/cas/tips/ST05-003.html><br /><br /> Copyright 2005 Carnegie Mellon University<br /><br /> Terms of use<br /><br /> <http://www.us-cert.gov/legal.html><br /> <br /> <br /> <br />-----BEGIN PGP SIGNATURE-----<br />Version: GnuPG v1.2.1 (GNU/Linux)<br /><br />iQEVAwUBQgE3NRhoSezw4YfQAQI0MQgAhGDFYW1OjFMaP1oi5ex+extt6hPQZX9H<br />qyIBnC+RHRKan2sZeQofwiiyQJtJILLXSQf+0bheHqvF8zNwdciFxlovDXis6IEK<br />7TxbTbApDtVfsiyOCOa4xSyDW3TFqzWJEBZeiKdi9tcBIz2mR57Ijf8P+uJA86A3<br />nURXfs3L/+SsyNIwK80HkFLhxh06q7nEWgQ6qlN5rMSpWOZO6T9ZqimHMueUT88M<br />tP8Xofti/OWjCuwq2U13DISz5gRFXJkHvW6wTusXey2AnDNoSDoLB5TQstu8f/AM<br />x1fBeoZYGJK7dsVdN6fUt0/jUX5xOgSr5Q8XvFAA7WgL/29Z65aQDQ==<br />=OIJa<br />-----END PGP SIGNATURE-----