5 Tips for Tightening Your Wireless Network's Security

How do you keep your wireless network safe? Here are five strategies.

1. Assume you already have a problem. "A CEO shouldn't make the 'Three Mile Island' mistake," says Mike Klein, the chief executive for Interlink Networks, a wireless network security software company in Ann Arbor, Mich. "Don't assume the probability of an incident is low, and then ignore it. It's important to understand that most security breaches go undetected. A hacker who can freely access your network, or monitor your network traffic, is likely to do so undetected - reading confidential information and gaining competitive advantages over the airwaves."

Tip: There are a number of useful intrusion-detection applications, from stand-alone solutions such as the open-source Snort (www.snort.org) to Windows Small Business Server's integrated intrusion-detection mechanisms, which can alert you when a specific attack is launched against your network.

2. Get a security policy in place. "If a business has deployed wireless, they must take the necessary steps to make sure it is secure," says Mike Peters, director of consulting for Calence, a Tempe, Ariz., networking company. "If a business has not deployed wireless as part of its IT infrastructure, the chances are pretty good that someone in their organization has installed a wireless access point for their own convenience. The first step any organization must take is to develop a comprehensive security policy document."

Tip: For details on how to write an effective security policy document, you might want to either hire a consultant or check out some of the literature, including Scott Barman's book, "Writing Information Security Policies."

3. Build a wall, not a quilt. Many security issues happen because you buy hardware and software from multiple sources, which is more likely to result in a quilt security solution instead of the wall that you want. "When installing a wireless network, most small businesses don't realize the importance of sticking with one vendor across the board," says Josh Radlein, a wireless systems engineer for CDW, a provider of technology products and services in Vernon Hills, Ill. "Problems can arise when mixing various vendor products, causing weak areas prime for security attacks."

Tip: Obviously, sticking with one vendor can solve the problem. But is it working? Try downloading the Microsoft Baseline Security Analyzer, which scans single systems or multiple systems across a network for common system misconfigurations and missing security updates.

4. Crank up your settings. "Wireless Encryption (WEP) should be turned on and set at the highest level," advises Gary Miliefsky, chief executive of PredatorWatch, a Chelmsford, Mass., security management company. "Administrative user name and passwords need to be changed immediately and frequently." (He says this will at the very least slow the wireless hackers down and act as a deterrent to casual cyber-thieves.)

Tip: Even with your settings turned up, you still need to make sure you get your latest patch or firmware upgrade for your wireless router. If possible, buy one that comes with a built-in firewall and learn how to use it and properly configure it.

5. Don't be afraid to take drastic measures. Anil Khatod, president of AirDefense, an Atlanta wireless network security firm, says that 30% of his clients have determined wireless networks to be so risky, that they don't have them. "But even if you keep employees from using wireless, you still want to track rogues in your air space," he says. Where? They can pop up anywhere, from wireless-enabled laptops accessing your network through conventional means to PDAs, cell phones, printers and even barcode scanners. Several businesses have banned or limited cell phone use at work - a radical solution, yes, but if you're worried about the safety of your network, it's one worth considering.

Tip: There are other steps you can take, short of unplugging your network, that a professional can assist you with. They include using encrypted e-mail, switching to a more secure protocol, hiding your access points' service set identifiers (SSID) and requiring authentication between a device and an access point.

Wireless network security isn't the kind of problem that will go away if you ignore it. Odds are that if you haven't thought about it, it's already an issue. But there's a way to address this through careful planning, conservative software and hardware configuration and outside-the-box thinking.