WIRELESS NETWORKS
Securing teleworker wireless LANs
by Lisa Phifer, VP, Core Competence
04.08.2003
Rating: -4.44- (out of 5)
|
[TABLE] For years, companies have wrestled with security risks introduced by teleworkers. According to ITAC, one in five U.S. employees spent some time working from home in 2001. Growth is being accelerated by residential broadband services -- In-Stat/MDR estimates that 14% of U.S. homes now have cable modem or DSL. High-speed, always-on connections make working from home more palatable, but they also increase risk by adding new territory that must be defended from abuse and attack.
Today, residential wireless LANs are tossing fresh fuel on this smoldering fire. According to In-Stat/MDR, six million Wi-Fi home nodes were sold in 2002, projected to reach 33 million by 2006. Wireless LANs make Internet connection, printer and file sharing among PCs in the home much easier. But when one of those nodes is a teleworker desktop or laptop, securing the WLAN becomes a corporate concern.
Expanding the security gap
Teleworker PCs connected to the Internet were always at risk, but broadband exacerbated this by expanding the window of opportunity. Teleworkers connected to home WLANs open that window even wider. Some new risks resulting from lax home WLAN security include the following.
Filling that gap
What can companies do to avoid these pitfalls and encourage safer use of teleworker wireless LANs?
Choose the right hardware for the job. Terminology can be confusing, and many teleworkers don't understand the difference between a wireless AP and router, or between a router with an integrated
To continue reading for free, register below or login
To read more you must become a member of SearchNetworking.com
VPN gateway or VPN pass-through.
Enable basic 802.11 security. MAC access control lists, shared key authentication, and WEP aren't perfect, but they are still useful as a first line of defense. In a small, self-contained WLAN, shared keys and ACLs are manageable. Supply guidance on how to pick good SSID and key values, when to update keys, etc.
Harden wireless devices. Teach teleworkers to change or disable unused listening ports and configure hard-to-guess passwords. Connect only with known APs, disabling Windows XP's ability to connect to any non-preferred network.
Extend existing desktop security measures. For example, reconfigure VPN client policies to also apply to wireless adapters, and identify wireless router VPN pass-throughs that are compatible with your VPN client.
If you don't use VPN on the WLAN, consider other options to increase protection for sensitive traffic. For example, use SSL webmail instead of POP or encrypted screen sharing instead of cleartext remote desktop access.
Rethink home network trust. Sharing printers and files may be acceptable on a residential Ethernet that's protected from the Internet by a firewall/router. Doing so over wireless probably is not. Help teleworkers to identify new sources of risk.
If you haven't already, get started now. Home WLAN adoption is now growing faster than enterprise WLAN use. If your workers carry laptops or have PCs at home, odds are excellent that you already have at least a few teleworkers using wireless.
|
|
|
|
|
|
