Bite-sized Good Practice Guide: Wireless LANs

• Make sure that your wireless network is based on WPA (Wi-Fi Protected Access) security or equivalent as a minimum. Do not base your network on older WEP (Wired Equivalent Privacy) technology as this has a number of known weaknesses.
• Ensure that factory default settings in your wireless equipment have been changed.
• Ensure that strong passwords are set wherever it is possible to set them to minimise the potential for hackers to gain access to the network.
• Consider using an encrypted virtual private network to ensure that any connection to the network is granted only to authorised users, is password protected, and any data transmitted is kept hidden.
Remember:
Do
• check your organisation’s policy on wireless computing
• make sure that you seek professional guidance when selecting a wireless system to ensure minimum security requirements are met
• ensure that all security settings are enabled and defaults have been changed
• ensure that all computers on the network are using desktop firewall facilities to deny any unauthorised access
• report any suspected network security breaches to your IT support department.
• Wireless access points should run at a low power level to reduce the ability of computers in nearby buildings or public areas to detect your wireless signals. If access is poor then more access points should be added. Avoid placing access points near to windows or public areas wherever possible.
• Ask your network manager to consider installing a RADIUS service, which allows more sophisticated management of legitimate users.
Don’t
• try to configure the wireless network settings yourself unless you really know what you are doing - your network may still be vulnerable
• allow the use of wireless devices on your network unless adequate security measures are in place
• connect to someone else’s unsecured WLAN just because you can - it is illegal.
Further information
NHS Connecting for Health
For information on application security in the NHS
nww.connectingforhealth.nhs.uk
Get Safe Online
For general information about wireless network security,
visit
www.getsafeonline.org/nqcontent.cfm?a_id=1151
Good practice guide
© Crown Copyright, July 2008
Ref: 4163
Wireless LANs
What is a LAN?
A local area network (or LAN) is a way of connecting a
number of computers together, which are located in
the same vicinity such as an office building, usually for
file and printer sharing purposes.
Traditionally, connection to the network has been
made via physical cables plugged into each device,
linking all the computers and special network
connectivity equipment together.
What is a wireless LAN?
A wireless LAN (or WLAN) is exactly that. Modern
technology now allows this same connectivity to take
place without the need for each device to be physically
attached to the network using wires or cables.
The technology uses the transmission of radio type
waves to enable communication between computer
devices to take place over a limited area. This gives
users the mobility to move around freely within the
coverage area without losing connection to the
network. It also means that users do not have to
connect at designated workstation areas, but can work
from anywhere they choose within the general
coverage area.
Traditional LANs can be extended by adding wireless
technology relatively easily and cheaply.
Wireless desktop computers, laptops and other
devices are becoming increasingly popular both in the
workplace and at home. The main reason for this trend
is that wireless computers are relatively easy to
deploy, inexpensive and usually simpler to manage
than standard wired connections. Smaller
organisations with, say, fewer than 150 users find that
wireless computing frees them from the conventional
restrictions of cabling.
There are two main types of wireless networking:
• peer to peer, which allows computers to ‘talk’ directly to each other; or
• via an access point, which is a device that allows several devices to link together, and can provide further communication with the wired LAN.
Once a wireless access point has been installed, new
computers and laptops can be added to the network
without any further wiring requirements. Users can
connect to the internet, send and receive emails, and
do all the tasks they need to do just as they did
before, but with increased mobility.
What are the risks?
Unfortunately there are risks associated with the use of
wireless LANs. In particular, the question of security is
quite often overlooked unless the wireless equipment
has been installed with the guidance of an IT expert,
and in accordance with any information security policies
and procedures (assuming that such policies are in
place).
There are two main reasons for ensuring that your
wireless LAN is secure:
1. Security of your data
The whole concept of wireless is about
broadcasting, which means that the information
doesn’t just go to the target wireless connection,
but is also available to anyone within broadcasting
range. Furthermore, it is not just the transmitted
information that is at risk, but potentially all other
data held on your computer or LAN such as user
IDs and passwords, bank details and any other
personal data that you wouldn’t wish to be generally
accessible. This could lead to theft of confidential,
personal and organisational information and has
serious implications for compliance with the Data
Protection Act 1998; in particular the 7th Principle
which requires that “appropriate technical and
organisational measures shall be taken against
unauthorised or unlawful processing of personal data
and against accidental loss and destruction of, or
damage to, personal data”.
2. Unauthorised use of your network facilities
If your wireless LAN is unsecured, anyone within
broadcasting range can pick up a connection and
essentially ‘piggy-back’ off your wireless access point
to obtain an internet connection, for example. This
could be achieved quite simply by someone using a
wireless laptop from their car parked outside your
building. And very worryingly, if your connection is
used for any illegal activity, such as perpetration of
fraud or accessing illegal images from the internet,
you or your organisation could be held responsible,
even if you had no idea who actually did it.
What precautions can I take?
Depending on your level of technical expertise, you
should probably seek expert advice to guarantee that
your wireless LAN is appropriately secured. The
following points are provided to try to help you to
understand the kind of questions and terminology that
you may need to ask about or gain assurance for. Many
of the tools you need will be built into the wireless
systems, or additional software can be purchased to
provide further safeguards:
• Ensure that the built-in wireless security features are enabled. Quite often the default settings will not have security enabled.
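One way to check an access point's settings against the precautions in this guide (WPA as a minimum rather than WEP, factory defaults changed, strong passwords, a RADIUS service). This is an added example, not part of the original guide; it assumes the access point uses hostapd-style key=value settings, and the sample configurations, the default-SSID list and the 16-character passphrase threshold are constructed for illustration.

```python
# Added example, not part of the guide: audit hostapd-style settings.
# Sample configs, DEFAULT_SSIDS and the 16-character threshold are assumptions.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

WEAK_CONF = """
ssid=linksys
wep_default_key=0
wep_key0=1234567890
"""

HARDENED_CONF = """
ssid=Ward7-Staff
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=constructed-placeholder-secret
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse_conf(text), []
    wpa = int(conf.get("wpa", "0"))  # hostapd: 0 = off, 1 = WPA, 2 = WPA2, 3 = both
    if any(key.startswith("wep_key") for key in conf):
        findings.append("WEP keys configured: WEP has known weaknesses")
    if wpa == 0:
        findings.append("WPA not enabled: network is open or WEP-only")
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("SSID looks like a factory default")
    key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()  # hostapd defaults to PSK
    phrase = conf.get("wpa_passphrase", "")
    if wpa and "WPA-PSK" in key_mgmt and (len(phrase) < 16 or phrase.isalpha() or phrase.isdigit()):
        findings.append("weak pre-shared passphrase")
    if wpa and "WPA-EAP" in key_mgmt and "auth_server_addr" not in conf and conf.get("eap_server") != "1":
        findings.append("WPA-EAP selected but no RADIUS or internal EAP server set")
    return findings
```

Calling `audit(WEAK_CONF)` returns three findings (WEP keys, WPA disabled, default SSID), while `audit(HARDENED_CONF)` returns an empty list.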