Q

What security risks would we be introducing by adding a wireless router?

We have an office network that is directly connected to the Internet through broadband. We would like to add a wireless router so that users can access the Internet through our existing broadband connection. What security risks would we be introducing by adding the wireless router? Could PCs on the office network be scanned by wireless users?

Wireless Internet access can be added to your network safely, but only if you're careful about how you add it. Dropping a wireless router inside your network, behind your broadband router, will definitely expose your wired PCs to possible attack from wireless users. The proper placement for wireless is outside the firewall so that your office network remains protected from wireless intruders.

If your existing broadband router has a DMZ port, that would be a perfect location to connect a wireless router.

If not, then consider alternatives that would prevent wireless users from reaching your network. For example, if you have a separate broadband modem, can you connect both your wireless router and broadband router into the modem? Or connect the wireless router to the modem, then connect the broadband router to a switch port on the wireless router. Think in terms of making sure that whatever is protecting you from Internet-based attacks right now (your broadband router) will continue to protect you from wireless-based attacks. That will help you to sustain your existing level of security when you add the wireless router.

Of course, it's also important to secure the wireless network itself so that unauthorized users won't eat up your bandwidth. Most entry-level wireless routers support access control lists based on MAC address. Some support the stronger 802.1X port access control. Small offices are more likely to use MAC ACLs, while larger companies that have RADIUS servers should use 802.1X. If you're somewhere in between, then consider a managed 802.1X service like the one offered by WSC. It's also a good idea to enable wireless link encryption. Most new wireless routers now support Wi-Fi Protected Access, used with either 802.1X or Preshared Secret Keys (PSKs). Again, small offices are more likely to use PSKs - if that's you, then be sure to pick a random value that's at least 20 characters long. Finally, encourage wireless users to run desktop firewall software to prevent being probed by wireless intruders. If your wireless router supports it, consider blocking the flow of traffic between wireless users.

To learn more about WLAN security risks and countermeasures, you might want to view my SearchSecurity webcasts (Part 1, Part 2).

This was first published in February 2004
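
The PSK advice above (a random value of at least 20 characters), as an added example that is not part of the original answer: it generates a passphrase from the OS random source, audits candidate values, and shows the key a WPA device derives from it. The function names and the letters-and-digits alphabet are assumptions made for illustration; the 8-63 character range and the PBKDF2 derivation come from the WPA-PSK specification rather than from this page.

```python
import hashlib
import math
import secrets
import string

# WPA-PSK passphrases are 8 to 63 printable ASCII characters (0x20-0x7E).
WPA_MIN, WPA_MAX = 8, 63
RECOMMENDED_MIN = 20  # the length floor recommended in the answer above
ALPHABET = string.ascii_letters + string.digits  # assumption: easy to type on any client

def generate_psk(length=24):
    """Return a random passphrase drawn from the OS CSPRNG."""
    if not RECOMMENDED_MIN <= length <= WPA_MAX:
        raise ValueError(f"length must be {RECOMMENDED_MIN}..{WPA_MAX}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy, in bits, of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)

def audit_psk(passphrase):
    """Return a list of problems; an empty list means the value passes."""
    problems = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        problems.append("outside the 8-63 character range WPA accepts")
    if any(not 0x20 <= ord(c) <= 0x7E for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    if len(passphrase) < RECOMMENDED_MIN:
        problems.append("shorter than 20 characters")
    # Heuristic only: a random string rarely repeats most of its characters.
    if len(set(passphrase)) * 3 < len(passphrase):
        problems.append("too few distinct characters to be random")
    return problems

def derive_pmk(passphrase, ssid):
    """256-bit key WPA derives from the passphrase:
    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

if __name__ == "__main__":
    psk = generate_psk()
    print(psk, f"({entropy_bits(len(psk)):.0f} bits)", audit_psk(psk))
    # Constructed weak values, for comparison
    for weak in ("office2004", "a" * 24):
        print(weak, audit_psk(weak))
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name.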
