The Wild World of Wi-Fi and Your Laptop

What’s on your Christmas list this year? If you’re like most, I suspect that you probably have at least one type of personal electronic device at the top of your list – an iPod perhaps or maybe a newer, faster laptop. Laptops are of course incredibly handy for both business and personal computing. And in addition to ever-increasing improvements in both their size and weight, there have been improvements in the availability of wireless or “Wi-Fi” networks as well. These networks are what make laptops so convenient, allowing you to access the Internet from virtually anywhere a wireless network is available.

Over the last several years, Wi-Fi networks (aka WLAN or Hot Spots) have been spreading. Initially found only sporadically, at private residences or local businesses (such as coffee houses), they are increasingly ubiquitous, found in public places and even funded for free by municipalities and private organizations. Devices that can use these Wi-Fi networks have also increased. Now, in addition to your laptop computer, a variety of mobile electronic devices are wireless enabled, including mobile phones, PDAs, MP3 music players, even digital picture frames and gaming consoles.

Wi-Fi networks give users the freedom to access the Internet just about anywhere – from home, the office, or local neighborhood businesses, even sometimes parks and other outdoor spaces. However, with this accessibility comes risk. My advice when it comes to using Wi-Fi networks is this (from the movie “Body of Lies”) – “Trust no one, deceive everyone.”

I try not to use Wi-Fi at all when a wired network is available, but when I do use it, I pull out all defensive security measures possible. I thought I was being a little paranoid until I attended a week-long IBM ISS security seminar recently in Atlanta, GA. Our instructor told us that when he uses a computer in a public place, he will only do so if the computer Operating System is loaded from his very own USB memory drive that is hardened to have maximum protection. This way, if something ever does go wrong, he won't lose any of his data since the USB memory drive contains only the OS and applications he needs.

So what defensive measures can we deploy when it comes to Wi-Fi networks, especially those in public places?

- Connect to a known Wi-Fi access point when possible.
- Have a firewall and anti-virus/spyware/malware software running, with all the signature definitions updated.
- Turn off file and print sharing from the OS.
- Turn off Bluetooth communications.
- Avoid conducting financial transactions. If you must complete a financial transaction, make sure to do so only with trusted sites that have encryption running (HTTPS web sites).
- Avoid using HTTP, FTP, Telnet, POP3, SMTP and VoIP (SIP) applications because these applications use clear text only. In other words, all of the data is being transmitted via the Internet without encryption. This is actually true of wired networks too, but on public Wi-Fi networks it becomes much easier for others to capture the data from your transmissions.
- Protect the information on your computer with encryption, such as the Encrypting File System (EFS) built into Windows or Pretty Good Privacy (PGP) encryption.
- Do not accept a stranger’s USB memory drive – virus/spyware/malware can be spread to your laptop by simply plugging in a USB memory drive.
- Never leave your computer unattended, especially with sensitive information on the screen.
- Watch out for over-the-shoulder snooping (aka Shoulder Surfing), especially in crowded places.
- Turn off the Wi-Fi connection when you are not using the Internet or any other VPN connections. Most new laptops have a built-in switch that allows you to easily switch the Wi-Fi signal off. If yours does not have such a switch, you can always disable the Wi-Fi connection from within the Operating System.
- Have a strong and complex password at all levels – hardware, Operating System, applications and files. Take advantage of biometric authentication when your laptop has a fingerprint reader built in.
- Avoid using a Wi-Fi printer if security is a concern, especially a Wi-Fi printer that you do not own or that is in a public place.
- Do not write down your password anywhere on the same device that you are using.
- Keep a good, regular backup stored somewhere besides your laptop, such as your desktop PC and/or server.
- Use the same defensive measures on all Wi-Fi enabled electronic devices, when applicable.
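
To check a laptop against the clear-text item in the list above, the following added example (not part of the original article) flags established TCP connections to the well-known ports of the protocols the list names. It assumes a Linux laptop where `ss -tn` is available; the sample output and its addresses are constructed.

```python
# Constructed sample of `ss -tn` output; addresses are documentation ranges.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      192.0.2.10:51514     198.51.100.7:80
ESTAB     0      0      192.0.2.10:51520     198.51.100.7:443
ESTAB     0      0      192.0.2.10:40022     203.0.113.5:110
ESTAB     0      0      192.0.2.10:40100     203.0.113.9:993
ESTAB     0      0      [2001:db8::10]:40200 [2001:db8::25]:23
TIME-WAIT 0      0      192.0.2.10:40300     203.0.113.5:21
"""

# Well-known ports of the clear-text protocols named in the list above.
CLEARTEXT_PORTS = {
    21: "FTP", 23: "Telnet", 25: "SMTP",
    80: "HTTP", 110: "POP3", 5060: "SIP",
}


def find_cleartext_sessions(ss_output):
    """Return (protocol, peer_address, peer_port) for every established
    TCP connection whose remote port belongs to a clear-text protocol."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header and anything that is not an established session.
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue
        # Peer is "addr:port" or "[v6addr]:port"; the port follows the last colon.
        host, _, port_text = fields[4].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in CLEARTEXT_PORTS:
            findings.append((CLEARTEXT_PORTS[port], host.strip("[]"), port))
    return findings


if __name__ == "__main__":
    for proto, host, port in find_cleartext_sessions(SAMPLE_SS_OUTPUT):
        print(f"clear-text {proto} session to {host}:{port}")
```

A port match is only a hint: SMTP on port 25 may upgrade to TLS after connecting, and SIP commonly runs over UDP, which this TCP listing does not show.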

But even with strict adherence to these defensive measures, they are just that: defensive. They do not guarantee absolute security. For example, not just your data, but your laptop itself can be stolen. This is, unfortunately, all too common. According to the Ponemon Institute, every 50 seconds a laptop is stolen from a U.S. airport.

So, it might behoove you to know about some of the software and services available in case your laptop (or desktop) is stolen. These programs allow you to do the following:

- Trace the physical location of the computer.
- Delete files.
- Execute a program.
- Turn on the built-in camera if there is one.

For many reasons, organizations have the need to set up Wi-Fi networks. What are some of the best practices in setting up Wi-Fi networks from a security and performance standpoint? In this case, we’ll focus on private Wi-Fi network issues.

- Change default passwords on all Wi-Fi devices!
- Make sure to use some form of encryption like Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA / WPA 2). WEP is fairly easy to decrypt, so it should be avoided. As you may have guessed, WPA 2 is recommended over WPA.
- Make sure to use at least two forms of authentication, like a MAC address table and log-in using Remote Authentication Dial-in User Service (RADIUS), or MAC address and WPA 2 key.
- Use two-factor and/or biometric authentication when possible.
- Make sure the Wi-Fi network is separated from production wired networks by having physical separation or a firewall.
- Suppress Wireless Access Points (WAP) SSID broadcast when possible.
- Deploy smart WAPs that use switching and meshed technologies rather than shared technology. At the same time, smart WAPs will also allow seamless roaming across many segments of the WLAN without needing to re-authenticate.
- Make sure to use compatible standards to avoid reliability and performance issues.
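
The advice to prefer known access points and to avoid WEP in favor of WPA 2 can be checked against a scan of the networks in range. This added example (not part of the original article) assumes the terse output of `nmcli -t -f SSID,BSSID,SECURITY device wifi list` on Linux; the scan lines and the `KNOWN_APS` allow-list are constructed and hypothetical.

```python
import re

# Constructed sample scan. In terse mode nmcli escapes the colons inside
# the BSSID with backslashes; an empty last field means no encryption.
SAMPLE_SCAN = r"""
CoffeeShop:02\:00\:00\:AA\:00\:01:
OfficeNet:02\:00\:00\:AA\:00\:02:WPA2
OfficeNet:02\:00\:00\:AA\:00\:99:
OldRouter:02\:00\:00\:AA\:00\:03:WEP
HomeNet:02\:00\:00\:AA\:00\:04:WPA1 WPA2
"""

# Hypothetical allow-list: network name -> access points you have verified.
KNOWN_APS = {
    "OfficeNet": {"02:00:00:AA:00:02"},
    "HomeNet": {"02:00:00:AA:00:04"},
}


def parse_scan(text):
    """Split each line on unescaped colons into (ssid, bssid, security)."""
    rows = []
    for line in text.strip().splitlines():
        parts = [p.replace("\\:", ":") for p in re.split(r"(?<!\\):", line)]
        if len(parts) == 3:
            rows.append(tuple(parts))
    return rows


def assess(ssid, bssid, security):
    """Return the list of concerns for one scanned network (empty if none)."""
    issues = []
    modes = security.replace("--", "").split()
    if not modes:
        issues.append("open network, no encryption")
    elif "WEP" in modes:
        issues.append("WEP, avoid")
    elif "WPA2" not in modes:
        issues.append("WPA only, WPA2 preferred")
    if ssid not in KNOWN_APS:
        issues.append("unknown network")
    elif bssid.upper() not in KNOWN_APS[ssid]:
        issues.append("known name, unrecognized access point")
    return issues


def audit(text):
    """Map (ssid, bssid) to its list of concerns for every scanned network."""
    return {(s, b): assess(s, b, sec) for s, b, sec in parse_scan(text)}
```

Run against your own network, the same audit confirms that every access point advertising your network name offers WPA 2 and is one you installed.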

Whether setting up a Wi-Fi network or just using one in public or in private, security is always going to be the number one issue, followed by performance. There is not a Wi-Fi network that cannot be cracked if a hacker is determined and skilled enough.

So remember: Trust no one, deceive everyone.

By Benson Yeung, Senior Partner