At Magnutech, we consider ourselves "Pioneers in The Industry"
and we are excited to be involved in this rapidly deploying
technology.
We offer front to end service for residential and commercial
industries...
Magnutech Inc. proudly incorporates and distributes Microsoft
Software and Linksys Hardware to
bring the best solution to our customers.
We used to work hard...
Then we got smart...
Now you can too!
Call us.
How to stay secure when you go wireless
Networking
Long gone are the days when the workplace was the only place
you could work.
Companies today are staying agile and competitive by decentralizing
their operations among branch offices, "virtual" offices
and home offices. Workers themselves are spending increasing
amounts of time away from the office on business travel.
One of the major components of this new flexibility is wireless
networking and the mobility and productivity that it allows.
Workers equipped with wireless local-area network (WLAN) client
adapters and with secure virtual private network (VPN) client software
in their portable computers can leverage emerging public WLAN services
to remain as productive as they would in a company office.
However, with that mobility and flexibility come security challenges,
particularly in the wireless sector. Successfully addressing security
is critical to maintaining the business resilience that has long
characterized the U.S. economy.
WLAN security at work
A solution for mobility within the enterprise includes an access
point, ideally one that supports both the IEEE 802.11b (11 megabits
per second) and 802.11a (54 Mbps) networking standards, as well as
client adapter cards and a server that controls authentication.
Despite the significant productivity-enhancing potential of
wireless LANs, many enterprises have been hesitant to fully embrace
them, largely because of security concerns. These worries were
fueled by reports in 2002 that the basic security algorithm in
the IEEE 802.11b wireless LAN standard is easy to crack.
These vulnerabilities have since been overcome by a series of
security enhancements, which include reinforced encryption and
authentication, and permit IT departments to loosen restrictions
on users without sacrificing network security.
What are the security risks associated with wireless networks?
In general, enterprises must protect themselves from unauthorized
individuals gaining access to corporate servers or "stealing" data
in transit. They also need to guard against denial-of-service attacks
on corporate Web servers, which clog them up with bogus service
requests and prevent user and customer access to data and services.
These vulnerabilities exist in wired networks too. But wireless
LANs open additional exposure that must be addressed specifically,
because radio signals can penetrate walls. If the proper security
mechanisms are not in place, someone outside a building but within
range of an access point could circumvent the firewall and hop
onto the enterprise network.
Enterprises using wireless LANs can deploy four distinct forms
of security.
Open access (no security): The primary reason some enterprise
installations have no security is that, in accordance with IEEE
802.11b specifications, systems ship by default with basic encryption
disabled, and companies are not turning it on.
Basic security: Even when these features — called Wired
Equivalent Privacy (WEP) — are activated, the static nature
of the WEP encryption key still leaves companies at risk. Static
encryption keys rarely change, leaving hackers plenty of time to
decode them.
Enhanced security: Within the enterprise, enhanced security is
recommended, while specialized security in the form of a virtual
private network (VPN) based on the IP Security (IPSec) standard
is appropriate for users on the road. For enhanced security within
the enterprise, Extensible Authentication Protocol (EAP) expands
security by enabling per-user, per-session authentication. Along
with the client being authenticated to the access point, the access
point must also be authenticated to the network.
Specialized security: Some products also support dynamic encryption
keys, which add per-packet keying, fast re-keying, and message
integrity checks to 802.11 security. Together, these capabilities
make sessions nearly impossible to hack.
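An added example, not part of the original article: a short Python audit that sorts scanned access points into the tiers described above, so that open and static-WEP networks stand out from those using per-user EAP authentication. The scan text is a constructed sample in the style of Linux `iw dev <interface> scan` output; the function names and the "pre-shared key" bucket are assumptions of this example.

```python
import re

# Constructed sample modelled on `iw dev <interface> scan` output.
# BSSIDs and SSIDs are made up; real output is tab-indented, which strip() handles.
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    capability: ESS ShortSlotTime (0x0401)
    SSID: lobby-guest
BSS 02:00:00:00:00:02(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: warehouse
BSS 02:00:00:00:00:03(on wlan0)
    capability: ESS Privacy ShortSlotTime (0x0411)
    SSID: corp
    WPA:     * Version: 1
         * Pairwise ciphers: TKIP
         * Authentication suites: IEEE 802.1X
"""

def parse_scan(text):
    """Return one dict per BSS with the fields needed to pick a tier."""
    nets = []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            nets.append({"bssid": m.group(1), "ssid": "", "privacy": False, "auth": set()})
        elif not nets:
            continue  # ignore anything before the first BSS header
        elif line.startswith("SSID:"):
            nets[-1]["ssid"] = line[5:].strip()
        elif line.startswith("capability:"):
            nets[-1]["privacy"] = "Privacy" in line.split()
        elif "Authentication suites:" in line:
            nets[-1]["auth"].update(line.split(":", 1)[1].split())
    return nets

def classify(net):
    """Map a network to (tier, meets the article's in-enterprise recommendation)."""
    if not net["privacy"]:
        return ("open access", False)
    if not net["auth"]:
        # Assumption: Privacy bit set but no WPA/RSN element means static-key WEP.
        return ("basic security (static WEP)", False)
    if "802.1X" in net["auth"]:
        return ("enhanced security (EAP/802.1X)", True)
    return ("pre-shared key (not one of the article's tiers)", False)

def audit(text):
    """Return ({ssid: (tier, ok)}, sorted SSIDs that fall below 'enhanced')."""
    results = {n["ssid"]: classify(n) for n in parse_scan(text)}
    return results, sorted(s for s, (_, ok) in results.items() if not ok)
```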
WLAN security on the road
All traveling business users need in order to use these services
are the appropriate client adapters in their portable computers
to access wired or wireless networks. As mentioned, VPN client
software is highly recommended for security (for more on VPNs,
see this article).
When users connect to their corporate network from the road, IPSec
VPN software protects against hack-attacks on remote-access connections.
It consists of two components: client software that resides in
the user's mobile computer, and a security gateway at the corporate
site. Encrypted tunnels run between the client and the gateway,
which terminates the tunnels and decrypts data.
For public wireless LAN services, IPSec VPNs are especially encouraged.
Access points in these locations generally run with their vendor-specific
security mechanisms disabled to encourage open access to all potential
users. Since the radio signal does not have any physical security
associated with it, strong encryption in the wireless access network,
supplied by the client VPN software, prevents hackers from stealing
data out of the air.
WLAN security at home
Workers at home require secure, high-speed connections to their
corporate networks. Sometimes the access services available in
the various employee locations differ, so a company might need
to support a mix of ISDN, DSL, cable modem and other broadband
connections.
So while an organization may not be able to standardize on the
type of broadband network service used by its telecommuters (teleworkers),
it can standardize on a single equipment platform. Keep this in
mind when you select a broadband access router as your platform
for at-home workers. One key feature in your router should be a
security/firewall that blocks unwanted users and data.
IPSec VPNs again come into play for securing connections from
the user's home site across the public Internet to the corporate
VPN gateway. There are several equipment options for telecommuter
security; the choice often depends on the equipment available from
the service provider. Here are some:
Routers with built-in security. This includes stateful inspection
firewall capabilities and VPN support with IPSec 3DES encryption.
Stand-alone firewalls. If a router isn't an option, a firewall
can help secure your home network.
VPN hardware and software. To ease the administration of corporate
telecommuting programs, central IT staff can use special software
that distributes predefined security policies out to large numbers
of routers and security appliances within the corporate office.
128-bit WEP keys. These are to be set both on the access point
and the client adapter.
Because of the enhanced capabilities now available for securing
connections across distrusted wireless networks and the public
Internet, enterprises can embrace mobility as a key component of
their business resilience strategies with relatively few worries.
This empowers companies to keep business processes going when users
are away from a traditional office workspace with a wired connection
to the corporate network.
Employees who can get connected both within and outside of the
corporate walls are employees who stay productive and, as a result,
increase their companies' competitive power.