Five steps to securing wireless

Communications News, Nov, 2003 by J. Stuart Broderick

Until corporate buildings are designed/rebuilt to prevent radio signals from escaping, all companies have their own private buildings, wireless security standards are established and wireless devices conform to them, wireless security challenges will remain in the hands of IT administrators.

To that end, organizations should first assess the costs and benefits of deploying wireless LANs in their environment before leaping into Wi-Fi. Then, if the ROI of implementing wireless is justifiable, corporations can take steps to strengthen the security of their Wi-Fi environments.

1. Design and plan the wireless environment. From a security standpoint, installing access points away from exterior walls on a separate network outside the corporate firewall is preferred rather than on the same network as other resources. The wireless hardware should be upgradeable and standardized for easier compatibility, administration and upgrading.

2. Enable 128-bit or greater wired equivalent privacy (WEP) encryption, where possible. While WEP is not overly difficult to crack, encryption can he effective in reducing unauthorized network access. The higher the encryption key size, the harder it is to decrypt. Some wireless access point devices that have larger WEP keys might be incompatible with older wireless cards.

3. Change the default service set identifier (SSID). The new SSID name should net identify a specific user. The company, a wireless device or any other aspect of the wireless environment. Also, as soon as an access point is installed, its default user name and administrator password should be changed, following standard practices fur strong password selection.

4. Install security software on wireless devices. Just as firewalls, antivirus and intrusion detection are routinely used to protect desktops from hackers, viruses and other malicious code, these applications also provide the same protection to wireless devices.

5. "War drive" or "war walk" the area. After the wireless network is set up and security measures implemented, the IT administrator should test the signal area, including exterior locations, such as nearby parking lots, to look for potential weaknesses. This process should be repeated every time changes are made to the configuration of network devices.

For more information from Symantec: www.rsleads.com/311cn-264

J. Stuart Broderick is director of Symantec security services development at Symantec Corp. in San Antonio.