Thursday, August 23, 2007

Four Tips For Increasing Wireless Network Security

Passwords aren't enough to protect home wireless networks, and they're particularly poor security choices for networks of larger organizations, according to a University of Maryland assistant professor.

Michel Cukier, assistant professor of mechanical engineering and affiliate of the A. James Clark School of Engineering Center for Risk and Reliability and Institute for Systems Research, said that many users who link to an organization's network from home do so through their own unmanaged wireless networks. He released a paper Wednesday explaining the risks and outlining steps that wireless users can take to increase security.

"If these secondary connections are not secure, they open up the entire network to trouble," Cukier said in a prepared statement. "Unsecured wireless access points pose problems for businesses, cities, and other organizations that make wireless access available to customers, employees, and residents. Unsecured connections are an open invitation to hackers seeking access to vulnerable computers."

Cukier said there are several steps that wireless network owners and administrators can take to improve security and discourage "parasites" trolling for access and unsecured connections.

First, he suggests limiting the strength of wireless networks so they cannot be detected beyond the walls of a home or office. Cukier advises disabling the Service Set Identifier broadcasting. SSID is a code attached to packets on a wireless network. It identifies each packet as part of that network and allows all wireless clients within range to spot the network. When it's disabled, it's more difficult for unauthorized users to spot the network.

Cukier said that regularly changing encryption keys may increase network protection. He said Wi-Fi Protected Access should be used when possible, because Wired Equivalent Privacy can be decrypted with special software.

Cukier said that MAC addresses can also increase protection if the wireless access point is set up to only accept connections from a known MAC address.