Wireless Security Troubleshooting

Security is unfortunately a major issue on a wireless network. The basic problem is that the current wireless standard doesn’t authenticate users in the same way that a domain security database does.

A user has to know the SSID name and the key to gain access to the network, but the system doesn’t demand that users identify themselves to the network. That important task is left to your network’s authentication authority, which is most often your domain server.

The reason for the pass-through is that authentication at the wireless access point adds an additional layer of complexity that the designers of 802.11 wanted to avoid, and also limits access to the network for anyone who doesn’t have an account.

Also, it’s harder to set up a wireless network security scheme than it should be for the average user, and unfortunately it’s also easy to make mistakes. Mistakes have consequences, ranging from someone you don’t know or want on your network jumping on for a joyride to someone stealing data or, worse, your identity.

It’s best to catch these problems before they occur rather than after the fact. If you troubleshoot your wireless security before problems arise, you may save yourself considerable grief later on.

Security is a little like buying an insurance policy: you don’t know if you’ll ever need it, but when you need it, you really need it. In this case, if no intrusion occurs, you may never know whether you needed it, because the absence of a security breach doesn’t mean that people aren’t trying.

You only have to open a port scanner and monitor the traffic coming in from the Internet to know that someone is trying to access your network every few minutes. If your network has a firewall or a proxy server, and you have the security logging feature turned on, perusal of that log will likely be an eye opener.

With all this in mind, let’s take a look at the problems involved with wireless network security and how you can go about diagnosing and fixing them before they really become problems.

I’m on a public access point; the network is open and unencrypted. How do I best secure my laptop?

When you are connected to a hotspot, some of the wireless network security tools such as WEP and WPA may no longer be available. Therefore you need to consider other means for securing your laptop and the data that is transmitted and received.

The two main methods for securing a laptop are enabling a personal firewall and encrypting traffic. For Windows, either enable the Internet Connection Firewall feature for a network connection, or turn on a program such as Norton Personal Firewall or ZoneAlarm to prevent outside access.

A personal firewall is a barrier that prevents outsiders from scanning your data and file system. Some packages, like ZoneAlarm Pro, examine the nature of the traffic and let you accept or decline an access. Turn off file sharing, and unshare any network shares that exist on your system.

My e-mail doesn’t work on the hotspot. How can I get my e-mail securely?

For some mail servers and ISPs, it is possible to encrypt your e-mail password. You can also use Authenticated POP, or APOP, to create a session token from your password that is used to authenticate you to the POP server. APOP tokens are secure and are unique per session, so they can’t be guessed or reused.
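The APOP token described above, computed as RFC 1939 specifies (MD5 over the greeting's timestamp followed by the shared secret). This is an added example, not code from the original article. The first greeting, the user and the secret are the sample values from RFC 1939; the second greeting and the mail message are constructed. It also assembles what a listener on an open hotspot would capture from the session.

```python
import hashlib
import re

# RFC 1939: an APOP-capable greeting carries a msg-id style timestamp.
_TIMESTAMP = re.compile(rb"<[^<>\s]+@[^<>\s]+>")

def apop_timestamp(greeting: bytes):
    """Return the per-session timestamp from a POP3 greeting, or None."""
    if not greeting.startswith(b"+OK"):
        return None
    match = _TIMESTAMP.search(greeting)
    return match.group(0) if match else None

def apop_command(greeting: bytes, user: str, secret: str) -> bytes:
    """Build the APOP line: hex MD5 of timestamp + shared secret."""
    ts = apop_timestamp(greeting)
    if ts is None:
        # No timestamp means no APOP. Fail closed instead of falling back
        # to USER/PASS, which would send the password itself in the clear.
        raise ValueError("server did not offer APOP")
    digest = hashlib.md5(ts + secret.encode()).hexdigest()
    return f"APOP {user} {digest}\r\n".encode()

def session_on_wire(greeting: bytes, user: str, secret: str,
                    message: bytes) -> bytes:
    """Bytes a listener on the open network sees for one APOP session."""
    return (greeting
            + apop_command(greeting, user, secret)
            + b"+OK maildrop ready\r\n"
            + b"RETR 1\r\n+OK message follows\r\n"
            + message + b"\r\n.\r\n")

# Greeting 1 is the RFC 1939 sample; greeting 2 and the rest are constructed.
GREETING_1 = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
GREETING_2 = b"+OK POP3 server ready <1897.697170999@dbc.mtview.ca.us>\r\n"
GREETING_NO_APOP = b"+OK POP3 server ready\r\n"
MESSAGE = b"Subject: payroll\r\n\r\nQ3 figures attached"

if __name__ == "__main__":
    print(apop_command(GREETING_1, "mrose", "tanstaaf").decode().strip())
    print(apop_command(GREETING_2, "mrose", "tanstaaf").decode().strip())
    wire = session_on_wire(GREETING_1, "mrose", "tanstaaf", MESSAGE)
    print("secret on wire:", b"tanstaaf" in wire)
    print("message on wire:", MESSAGE in wire)
```

The digest changes with every greeting and the secret never appears in the captured bytes, while the retrieved message does.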

However, APOP doesn’t encrypt your message traffic, so it is really only moderately useful. Another technique for protecting e-mail is to use SMTP AUTH. The SMTP Authorization protocol involves using SMTP commands to authenticate yourself to an SMTP server so that you can send outgoing mail.

If you are having trouble sending mail on a hotspot you may have to use this technique anyway. The problem with SMTP AUTH is that it protects only your password, and doesn’t protect your traffic. To best protect your traffic, you should consider using your own personal encryption program.
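A client-side check for the SMTP AUTH step, as an added example that is not part of the original article. It parses the server's EHLO reply and picks the next command so that the password is never sent in readable form: AUTH PLAIN is only base64-encoded, so the sketch allows it only once TLS is active. The host name, the EHLO reply, the credentials and the selection policy are assumptions constructed for illustration.

```python
import base64

# Constructed EHLO reply from a hypothetical mail submission server.
EHLO_REPLY = (
    "250-mail.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH PLAIN LOGIN CRAM-MD5\r\n"
)

def parse_ehlo(reply: str) -> dict:
    """Map each EHLO keyword to its parameters (one keyword per reply line)."""
    caps = {}
    for line in reply.splitlines()[1:]:      # first line is the server greeting
        if len(line) < 4 or line[:3] != "250":
            continue
        words = line[4:].split()
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def plain_initial_response(user: str, password: str) -> str:
    """AUTH PLAIN argument: base64 of NUL + user + NUL + password (RFC 4616)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def next_step(reply: str, tls_active: bool) -> str:
    """Choose the next SMTP command under the assumed policy described above."""
    caps = parse_ehlo(reply)
    mechs = caps.get("AUTH", [])
    if not tls_active and "STARTTLS" in caps:
        return "STARTTLS"                    # encrypt first, then EHLO again
    if tls_active and "PLAIN" in mechs:
        return "AUTH PLAIN"                  # readable encoding, but inside TLS
    if "CRAM-MD5" in mechs:
        return "AUTH CRAM-MD5"               # challenge-response; password not sent
    raise RuntimeError("no way to authenticate without exposing the password")

if __name__ == "__main__":
    print(next_step(EHLO_REPLY, tls_active=False))
    print(next_step(EHLO_REPLY, tls_active=True))
    arg = plain_initial_response("alice", "s3cret")   # constructed credentials
    print(arg, "->", base64.b64decode(arg))
```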

The current standard software for encryption is PGP, or Pretty Good Privacy. PGP uses public key/private key cryptography to encrypt traffic so that only the person with the correct private key at the receiving end can use the public key in combination with his or her private key to decrypt the communication.

Other methods used to protect data in transmission work by encrypting traffic. You can use technologies such as Secure Sockets Layer (SSL), Secure Shell (SSH), and Virtual Private Networking (VPN) to protect your data in transit.

What other things should I turn on and off to improve security?

Here is a list of 12 services and settings that you should consider changing:

  • Install antivirus and anti-spyware software.
  • Turn off the ad hoc mode for your wireless network unless you are in a secure location.
  • Separate your wireless network from your wired network with a firewall.
  • Secure access points so that they can’t be physically accessed (remember that they come with reset buttons).
  • When you change an access point’s settings, do so by using a direct connection from the wireless device to the computer you are using to access the management software to limit the path the data travels.
  • Turn off the SNMP (Simple Network Management Protocol) service because that service allows users to auto-discover devices on a network.
  • Use static IP addresses in place of dynamic DHCP addressing; turn off DHCP on your network.
  • Use MAC filtering on small networks. On larger networks MAC filtering is troublesome.
  • Pick strong passwords that can’t be broken, especially for the administrator password.
  • Always disable a wireless NIC connection when it is not in use.
  • If you detect a security breach, change your settings, access passwords, and systems on your network.
  • Always change any default settings you find, and document your changes in a safe location.