The following excerpt is from Chapter 4 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt series.
Securing wireless communications
Wireless communications have come under fire for their weak data-encryption implementation and lack of sound authentication mechanisms. Add to these shortcomings a cavalier implementation, and you have the recipe for disaster. Although techniques for spying on computer systems using specialized antennas, watching the blinking network access lights, telescopically viewing computer monitors and other techniques have been used in the past, these techniques require some sophistication or clear line of sight to implement. Wireless networking as now used requires neither.
For most, the threat to data exposure has been perceived as limited to penetration of limited access points to the network. No access points, no threat. Limited access points with detection and firewalling lessen the threat. Difficult to entirely prevent exposure, but if properly designed and configured, an acceptable risk. However, wireless access to the corporate network exposes internal communications to external entities. The outsider doesn't have to physically connect to the internal LAN, penetrate the corporate firewall, nor discover unprotected dial-up access. He or she has only to sit within the range of the WAP (60 to 300 feet for most) and have his or her own wireless networking card. A single, improperly configured WAP serves up the network to any such passerby. Many properly configured WAPs are easily subject to penetration due to weak encryption implementations and the existence of tools that purport to decrypt communications.
Four security implementation opportunities exist for wireless networking: do nothing, use standard security options available for configuration on the access points, use standard security options plus firewall the access point, add 802.1x authentication and improved technology.
Click for the next excerpt in this series: Standard security options.
Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.