IT Management Daily
Storage Daily
Security Daily
 FREE NEWSLETTERS
search
 

follow us on Twitter


internet.commerce
Be a Commerce Partner

internet.com
IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers




Security Products
 FB Limiter (AxiomCoders)
 Keylogger Free Download (Free keylogger download)
 Software Keylogger (Software keyloggers)
 Facebook Password Recovery (XaviWare Software Ltda.)
 BlockAllow (BlockAllow)
 AW GoOn (AtelierWeb Software)
» Enterprise IT Planet » Security » Security Features

AO Spotlight: Wireless Security Overhaul

June 3, 2005

Email Print Digg This Add to del.icio.us

stock photography
Wireless, wireless, wireless...

It seems the world is in a mad rush to flee their desks and join the happy, untethered masses. But before experiencing the indulgence of authoring a memo in a sun-filled spot of your office complex (sipping a refreshing drink, of course) there's some work to be done.

Naturally, you'll want to defend against the occasional wardriver, but the real threats you want to keep off your network are data thieves, information brokers and the less-than-ethical competition. To accomplish this, companies need to establish clear and definitive policies and procedures that takes into account hundreds of users, dozens of APs and the impact of wireless access on your existing wired infrastructure.

No need to fret. You're not the first to be charged with a big Wi-Fi implementation, and you surely won't be the last.

This week, AO experts help a member draw up a plan of attack, providing some handy tips that bring security, stability and convenience to the fore, while keeping aggravation at a minimum.

Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This Week's Spotlight Thread:
Wireless Security Overhaul

The_Captain writes:

I have the feeling I am going to be asked to perform a major overhaul to the wireless security policy and practices of my company's network. You may, after reading this, find security to be completely an afterthought in my institution and I will readily agree with you.

Here's the overview:

38 Wan sites (hardwired, bandwidth is a commodity)
300+ Cisco 1100b and 1100G access points (all documented and locally manageable)
1000+ laptops (centrally managed)

(If you're wondering, no, my network is not all wireless. This is just the WLAN information.)

I have inherited a wireless network that is "secured" by merely disabling SSID broadcasts. I mentioned to one of the bosses today that it isn't even really a security policy and he told me he'd be calling me tomorrow to talk about changing that. Well, the way I look at it is it eventually needs to be done so I might as well be the one to do it...

XTC46 offers the following advice:

For this I would force authentication via username/password and make all sites authenticate from a central server (or multiple servers that replicate data). There are many ways to do this. It will basically give them a connection to the server that allows the authentication but they get nothing else until they authenticate.

This way no matter what site they use they can authenticate without using MAC filtering. But for this I would make log the MAC address just for record keeping sake and so you can more easily trace problem computers from network to network.

I would defiantly enable WPA if possible. But WEP might only be available to you. Make the key secure, but not so difficult that your help desk will get slammed when people need to get on.

Spyrus says:

I would start with 128-bit encryption and proceed from there. If you have the means, XTC46 is dead on with setting up a server for authentication purposes. I am a bit confused why the access points are going to be being moved around on the switch ports.

In my setup, about the same size as yours, we have the same WEP key setup on all the access points, we have SSID turned on, makes it a tad bit easier for me when I do an audit to see if something popped up that doesn't belong. We have all our WAP's on a separate VLAN and all the wireless uses a different IP range than the rest of our network.

In your situation, as in mine, MAC filtering is ridiculous as there are too many computers for it to be effective, however, as mentioned, you should run a log that grabs the MACs, and if you are doing authentication, the computer name and login name.

What are your pointers for enterprise-class Wi-Fi overhauls and deployments? Discuss them here.

Email Print Digg This Add to del.icio.us

Security Features Archives



Internet.com
The Network for Technology Professionals

Search:

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Solutions

Whitepapers and eBooks

50 Reasons Developers Will Love Internet Explorer 9
IBM eBook: Getting Started with Adobe Flex
Development Teams Rejoice: IBM Rational Team Concert 3.0 is almost here!
IBM Resources: Get up to speed with IBM WebSphere cloud and virtualization technologies
Let Your Sites Shine: Web Content Can Now Come Forward
PDF: Bridge the Gap Between Development and Operations for Portal and Web Security
PHP for Windows Showcase
PDF: Economics of Computing - The Internal Combustion Mainframe
Resource: PHP for Windows Showcase
 Whitepaper: Five Ways to Fast ROI with Business Rule Management Systems
IBM Cloud Computing Development Center
PDF: IBM Lotus Notes and Lotus Domino Software
Helpful Cloud Computing Resources
PDF: Dispelling the Vapor Around Cloud Computing
Research Brief: How Forward-Thinking Marketing Organizations Deliver Competitive Differentiators
Whitepaper: Accelerate ROI for BPM with Rapid Deployment
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

LIVE IBM Event: Managing Application Development in the Cloud--Thursday December 16 at 11am EDT
IBM Webcast: Accelerate Software Delivery with Social Software
IBM Cloud Computing for Developers Virtual Events
Spend Less Time Rewriting Your Sites to Work Across Browsers
 Webcast: Information & Analytics: The Secret Weapon of Top-Performing Companies
Software License Operations - Cleaning Up the Backoffice
All About Cloud Computing
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Microsoft Download: Windows API Code Pack
Download: IBM DB2 Express-C
Download: The Microsoft Web Platform Installer
 New: Internet Explorer 9 Beta -- Download Now!
IBM System x and BladeCenter Virtualization Kit
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Build a More Competitive Business with Technology � Product & Service Innovation
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products
 MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES