In this ever changing world, wireless communications has become a major platform for communications at work and at home. With popular mediums (Cell phones, PDA’s, Gameboys, Wii, Netbooks, iPods, etc…) like wireless devices, there are many advantages and disadvantages in operating wirelessly. No matter how you feel about the advantages or disadvantages of the devices, they need to be protected, along with setting up some form of security. On the website Howstufworksvideo (12) they show you the basics on how to setup home Network Security. You can go there can see how it is done. Just a few years ago, (25 Sep 07) there were some so-called experts saying that there was no need to secure your wireless system. In an article, David Ramel alleges that the importance of wireless security is overhyped, that it's now trivial to secure wireless nets and that IT pros have far more serious security concerns they should be addressing -- while home users have little to lose even in the remote chance someone tries to breach their network. (3) This person was obviously living in a sheltered environment because identity theft and credit card theft was out of control then. Now he is saying don’t worry about protecting your network and to just hold on to your wallet; basically. Either he was very innocent or totally clueless and is eating humble pie about now. Here are a few disadvantages. A limited spectrum, war driving, interfering signals can be generated by other devices in the office environment, for example printers, microwave ovens and other electromechanical devices. Wireless is a public frequency network therefore its interface is highly risky because anyone can pick up your signal. No matter how your cut it, wireless is easier, more convenient and is here to stay, so you must protect is. Preston Gralla of Computerworld wrote an article on “How to protect your wireless network (1) on the same day at Ramel wrote his but they saw tings totally different. Preston stated that bad guys will target you like war drivers and hacker. There are more reasons to protect your network. “It may not just be malicious attackers who cause problems. If you don't change the defaults of your wireless network, a neighbor with the same router make and model might accidentally connect to your network, stealing your bandwidth or reconfiguring your router and network without your knowledge” (1) In another article he says if you are not protecting your wireless network, “you're playing Russian roulette -- and the chamber is loaded with multiple bullets”. How’s that for an example. One way to fight this is to. Control the wireless signal. Typically 802.11b WAP transmits up to about 300 feet. However, this range can be extended farther by a more sensitive antenna. By attaching a high gain external antenna to your WAP, you can get a farther signal out but this may expose you to war drivers and others outside your house. A directional antenna will transmit the signal in a particular direction, as appose to an omnidirectional antenna that usually comes built into most WAP. So, carefully selecting an antenna is important to control both the signal range and its direction to help protect it from outsiders. There are many ways to setup wireless security. But if you really want to set it up correctly, there are five basic principles of security design you must follow in order to ensure you are doing it correct. These five key security principles are Layering, Limiting, Diversity, Obscurity, and Simplicity. Each one has its own level of importance and it depends on how important your system is but if you follow these basic principles you should be secure. We will go over each principle and step to ensure your system gets the attention and level of security it needs. The first principle is Layering; wireless security should be created in layers. “Securing information and systems against the full spectrum of threats requires the use of multiple, overlapping protection approaches addressing the people, technology, and operational aspects of information systems. This is due to the highly interactive nature of the various systems and networks, and the fact that any single system cannot be adequately secured unless all interconnecting systems are also secured. By using multiple, overlapping protection approaches, the failure or circumvention of any individual protection approach will not leave the system unprotected. Through user training and awareness, well-crafted policies and procedures, and redundancy of protection mechanisms, layered protections enable effective protection of information technology for the purpose of achieving mission objectives.”(5) One of the most obvious ways of protecting your wireless devices is securing them in a safe place, away from thieves and accidental intruders. This is where a good background in physical helps. Physical security describes measures that are designed to deny access to unauthorized personnel (including attackers or even accidental intruders) from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts.(6) Adding security guards may deter some thieves but not all in a bank. If they shoot the guards, the security cameras will not stop them either. They will have to climb over the counter to get to the register and by that time the alarm would have gone off by then. The vault is the main objective but few robbers made it in and out of the vault without getting caught. So most robbers stop at the register because it is too risky and time consuming to enter the vault. That is a good example of layering. Just substitute money for data and put the equipment in the vault and add extra guards for a firewall. But you should never set up your firewall to be your last point of protection. You should build your system as though the firewall will get compromised Limiting is another part of protecting your system. You should always limit access to information to reduce the chance of threat against the company’s most valuable asset, information. These some of the things you can do to make your system more secure. Only grant access to those who need it. Giving access to more than the people that need the data will open your system up for failure. They all should not just have a need to know but an actual task to do with the information. Using passwords is a form of limiting only authorized personnel on the system. Remember you are limiting access to some areas also to protect you r system. Password protecting Windows will keep most people out of your computer but it won’t stop them all. Some people can get into a password protected Windows computer in less than 2 minutes. You can password protect the whole computer by putting a password into your computer’s system settings. No, these aren’t Windows settings; these are your computer’s motherboard settings. For some systems, this may not work. Your system will need to have an option in its settings for password protection. If it isn’t there you can’t do it. Follow these steps to setup a system password, do the following: 1. When you boot your computer, look for instructions for running or entering setup. They are usually at the bottom of the screen. In most systems you press the delete key and it enters setup right after the memory test. Again, this is WAY before windows even starts running. 2. Now all these setup screens tend to be a little different. You’ll probably scroll through items using your tab, page up / page down, or arrow keys (sorry, no mouse support here). Look for something about system security or passwords and head there. 3. From here, there is probably some kind of password setup. Select it and you should be able to put in a password (probably with a confirmation password). 4. Finally, exit the system settings. There should either be some kind of menu item or you just hit the escape key. Either way, you’ll probably be asked if you wish to save the new settings, say yes. Your computer should re-boot and ask you for a password from now on. These are probably the most difficult types of passwords to get through. The only way I know of bypassing it is to clear the CMOS memory from the motherboard, and you would need the specs on the board to do it. (7) Next, you need to diversify. It’s similar to layering, in layering; each layer must be different so that the hacker would need a different tool or technique to go any farther. Using diverse layers of defense, means breaching one wireless security layer does not compromise the entire system. Most Wi-Fi access points and routers ship with a feature called hardware or MAC address filtering. This feature is normally turned "off" by the manufacturer, since it requires a little of effort to set up correctly. However, to increase the security of your Wi-Fi LAN (WLAN), strongly consider enabling and using MAC address filtering. With no MAC address filtering, every wireless client could join your Wi-Fi network if they know your SSID and your encryption keys. When MAC address filtering is enabled, however, the AP or router performs an extra check on a different parameter. The more checks that are performed on the network, the higher the chances of preventing network hacker from break-ins.
To set up MAC address filtering, the WLAN administrator will configure a list of clients that will have access to the network. First, acquire the MAC addresses of each client from its operating system or configuration utility. Then, they enter the addresses into the configuration screen of the wireless AP. Then, turn on the filtering option. After enabled, each time the wireless access point or router receives a request to join with the WLAN; it compares the MAC address to the administrator's list. Clients on the list authenticate as normal; clients not on the list are denied access to the WLAN. MAC addresses on wireless clients can't be changed as they are burned into the hardware. However, some wireless clients allow their MAC address to be "impersonated" or "spoofed" in software. It's certainly possible for a determined hacker to break into your WLAN by configuring their client to spoof one of your MAC addresses. Although MAC address filtering isn't bulletproof, still it remains a helpful additional layer of defense that improves overall Wi-Fi network security. (9) You can find the MAC address for your network adapters on your devices by following these steps: First Click Start and then Run > Type command and press Enter > Type ipconfig /all in the command prompt window and press Enter > Find the line labeled physical access address in the resulting information. That is the MAC address for that adapter. (8) “Security Through Obscurity (STO) is the belief that a system of any sort can be secure so long as nobody outside of its implementation group is allowed to find out anything about its internal mechanisms. Hiding account passwords in binary files or scripts with the presumption that "nobody will ever find it" is a prime case of STO. Security Through Obscurity is a philosophy favored by many bureaucratic agencies (military, governmental, and industrial), and it used to be a major method of providing "pseudosecurity" in computing systems. Another way to "hide" from hackers who use the more common 802.11b/g wireless technology is to go with 802.11a instead. Since it operates on a different frequency (the 5 GHz range, as opposed to the 2.4 GHz range in which b/g operate), NICs made for the more common wireless technologies won't pick up its signals. Yes, this is a type of "security through obscurity" but it's perfectly valid when used in conjunction with other security measures. After all, security through obscurity is exactly what we advocate when we tell people not to let others know their social security numbers, address and other identification information. The bad part about 802.11a, and one of the reasons it's not as popular as b/g, is that the range is shorter in distance than b/g. It also has difficulty penetrating walls and obstacles. From a security standpoint, this "disadvantage" is actually an advantage, as it makes it more difficult for a hacker to intercept the signal even with equipment designed for the technology. Its usefulness has declined in the computing world with the rise of open systems, networking, greater understanding of programming techniques, as well as the increase in computing power available to the average person. The basis of STO has always been to run your system on a "need to know" basis. If a person doesn't know how to do something which could impact system security, then s/he isn't dangerous. Admittedly, this is sound in theory, but it can tie you into trusting a small group of people for as long as they live. If your employees get an offer of better pay from somewhere else, the knowledge goes with them, whether the knowledge is replaceable or not. Once the secret gets out, that is the end of your security.
Nowadays there is also a greater need for the ordinary user to know details of how your system works than ever before, and STO falls down as a result. Many users today have advanced knowledge of how their operating system works, and because of their experience will be able to guess at the bits of knowledge that they didn't "need to know". This bypasses the whole basis of STO, and makes your security useless.
Hence there is now a need is to create systems which attempt to be algorithmically secure (Kerberos, Secure RPC), rather than just philosophically secure. So long as your starting criteria can be met, your system is LOGICALLY secure.
"Shadow Passwords" are sometimes dismissed as STO, but this is incorrect, since (strictly) STO depends on restricting access to an algorithm or technique, whereas shadow passwords provide security by restricting access to vital data.”(10) While trying to fool the hackers and making your network as secure as possible there is one problem that all of this cause and can make all your other attempts fail. That is making the system so complex that the people working on it are so confused that they can’t use the system or bypass all of your security just to do their job and opening up the system for hackers waiting to take off your system. There needs to be a medium that all employees can follow. In a word “Simplicity”, Sometimes the must simplest things are the most secure when they are followed. Protecting a system from many forms of attacks require complex configuration but it can’t be confusing to the people that operates the system. So the challenge is to make your system complex and also possible to break-in and at the same time make it simple enough to be operated from the inside. One way to do it is by using firewalls. Wikipedia defines firewall as a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. (11) You can use multiple firewalls to protect your network. The Firewall is rules based meaning you have to give it a set of instructions to follow when it receive packets from the internet. It will allow, block or prompt you to do something. There are different types of packets, Stateless packets looks at the incoming packets to allow or deny access based on the instructions or rules you gave it. Stateful packets keep a record of the state of a connection between an internal computer and an external server. With that information it can determine whether or not to give it access base on the rules you gave it. While the infrastructure is doing all the complex work, the users don’t have to concern themselves with it. With recurring training and awareness briefings, you can have a complex system that is simple to operate. These are the ways you can use to setup security for your wireless network. You can use some or all of the examples given in the paper but remember your system is as secure as its weakest link. If the system is too complex to operate you may be wasting your money, time and effort. And always remember that the importance of the information you are protecting should match the security measures you are taking to protect it but you should use something no matter what the information is.