Triware Networld Systems 

The Wild World of Wi-Fi and Your Laptop

What’s on your Christmas list this year?  If you’re like most, I suspect that you probably have at least one type of personal electronic device at the top of your list – an iPod perhaps or maybe a newer, faster laptop.  Laptops are of course incredibly handy for both business and personal computing.  And in addition to ever-increasing improvements in both their size and weight, there have been improvements in the availability of wireless or “Wi-Fi” networks as well.  These networks are what make laptops so convenient, allowing you to access the Internet from virtually anywhere a wireless network is available.

Over the last several years, Wi-Fi networks (aka WLAN or Hot Spots) have been spreading. Initially found only sporadically, at private residences or local businesses (such as coffee houses), they are increasingly ubiquitous, found in public places and even funded for free by municipalities and private organizations.  Devices that can use these Wi-Fi networks have also increased. Now, in addition to your laptop computer, a variety of mobile electronic devices are wireless enabled, including mobile phones, PDAs, MP3 music players, even digital picture frames and gaming consoles.

Wi-Fi networks give users the freedom to access the Internet just about anywhere – from home, the office, or local neighborhood businesses, even sometimes parks and other outdoor spaces.  However, with this accessibility comes risk.  My advice when it comes to using Wi-Fi networks is this (from the movie “Body of Lies”) – “Trust no one, deceive everyone.”

I try not to use Wi-Fi at all when a wired network is available, but when I do use it, I pull out all defensive security measures possible.  I thought I was being a little paranoid until I attended a week-long IBM ISS security seminar recently in Atlanta, GA. Our instructor told us that when he uses a computer in a public place, he will only do so if the computer Operating System is loaded from his very own USB memory drive that is hardened to have maximum protection. This way, if something ever does go wrong, he won't lose any of his data since the USB memory drive contains only the OS and applications he needs.

So what defensive measures can we deploy when it comes to Wi-Fi networks, especially those in public places?

- Connect to a known Wi-Fi access point when possible.
- Have a firewall and anti-virus/spyware/malware software running, with all the signature definitions updated.
- Turn off file and print sharing from the OS.
- Turn off Bluetooth communications.
- Avoid conducting financial transactions. If you must complete a financial transaction, make sure to do so only with trusted sites that use encryption (HTTPS web sites).
- Avoid using HTTP, FTP, Telnet, POP3, SMTP and VoIP (SIP) applications because these applications use clear text only. In other words, all of the data is transmitted via the Internet without encryption. This is also true on wired networks, but on public Wi-Fi networks it becomes much easier for others to capture the data from your transmissions.
- Protect the information on your computer with encryption, such as the Encrypting File System (EFS) built into Windows or Pretty Good Privacy (PGP) encryption.
- Do not accept a stranger’s USB memory drive – virus/spyware/malware can be spread to your laptop by simply plugging in a USB memory drive.
- Never leave your computer unattended, especially with sensitive information on the screen.
- Watch out for over-the-shoulder snooping (aka Shoulder Surfing), especially in crowded places.
- Turn off the Wi-Fi connection when you are not using the Internet or any VPN connections. Most new laptops have a built-in switch that allows you to easily switch the Wi-Fi signal off. If yours does not have such a switch, you can always disable the Wi-Fi connection from within the Operating System.
- Have a strong and complex password at all levels – hardware, Operating System, applications and files. Take advantage of biometric authentication when your laptop has a fingerprint reader built in.
- Avoid using a Wi-Fi printer if security is a concern, especially a Wi-Fi printer that you do not own or that is in a public place.
- Do not write down your password anywhere on the same device that you are using.
- Keep good, regular backups stored somewhere besides your laptop, such as your desktop PC and/or server.
- Use the same defensive measures on all Wi-Fi enabled electronic devices, when applicable.
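
As an added example (not part of the original article), the Python script below applies the clear-text protocol item from the list above: it scans `netstat -an` output for established sessions to the standard ports of the protocols the article names. The sample output is constructed, and a port number is only a hint at the protocol actually in use.

```python
# Added example: flag sessions that use the clear-text protocols named above.
# Ports are the IANA well-known ports; a port is only a hint at the protocol,
# so treat each hit as something to review rather than as proof.
CLEARTEXT_PORTS = {
    21: ("FTP", "SFTP or FTPS"),
    23: ("Telnet", "SSH"),
    25: ("SMTP", "SMTP over TLS"),
    80: ("HTTP", "HTTPS"),
    110: ("POP3", "POP3 over TLS"),
    5060: ("SIP", "SIP over TLS"),
}

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.23:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.23:49713     203.0.113.25:110       ESTABLISHED
  TCP    192.168.1.23:49714     198.51.100.7:23        ESTABLISHED
  TCP    192.168.1.23:49720     198.51.100.9:80        TIME_WAIT
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    192.168.1.23:5060      *:*
"""

def remote_port(addr):
    """Return the port of 'host:port' or '[ipv6]:port', or None for '*:*'."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_cleartext(netstat_text):
    """Return (protocol, remote address, safer alternative) per risky session."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only established TCP sessions are carrying data right now.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        port = remote_port(fields[2])
        if port in CLEARTEXT_PORTS:
            name, safer = CLEARTEXT_PORTS[port]
            findings.append((name, fields[2], safer))
    return findings

if __name__ == "__main__":
    for name, remote, safer in find_cleartext(SAMPLE):
        print(f"{name} session to {remote} is unencrypted; prefer {safer}")
```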

But even with strict adherence to these defensive measures, they are just that: defensive.  They do not guarantee absolute security.  For example, not just your data, but your laptop itself can be stolen. This is, unfortunately, all too common. According to the Ponemon Institute, every 50 seconds a laptop is stolen from a U.S. airport.

So, it might behoove you to know about some of the software and services available in case your laptop (or desktop) is stolen.  These programs allow you to do the following:

- Trace the physical location of the computer.
- Delete files.
- Execute a program.
- Turn on the built-in camera if there is one.

For many reasons, organizations need to set up Wi-Fi networks.  What are some of the best practices in setting up Wi-Fi networks from a security and performance standpoint?  In this case, we’ll focus on private Wi-Fi network issues.

- Change default passwords on all Wi-Fi devices!
- Make sure to use some form of encryption like Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA / WPA 2). WEP is fairly easy to decrypt, so it should be avoided. As you may have guessed, WPA 2 is recommended over WPA.
- Make sure to use at least two forms of authentication, such as a MAC address table together with a login using Remote Authentication Dial-in User Service (RADIUS), or a MAC address together with a WPA 2 key.
- Use two-factor and/or biometric authentication when possible.
- Make sure the Wi-Fi network is separated from production wired networks by physical separation or a firewall.
- Suppress Wireless Access Point (WAP) SSID broadcast when possible.
- Deploy smart WAPs that use switching and meshed technologies rather than shared technology. At the same time, smart WAPs will also allow seamless roaming across many segments of the WLAN without needing to re-authenticate.
- Make sure to use compatible standards to avoid reliability and performance issues.
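
As an added example (not from the original article), the Python check below audits an access point configuration against the encryption, authentication and SSID items above. It assumes the access point runs hostapd and reads hostapd.conf option names; both sample configurations are constructed fragments.

```python
# Added example: audit a hostapd.conf fragment against the checklist above.
# Assumption: the access point runs hostapd; both samples are constructed.
WEAK_CONF = """\
ssid=OfficeWLAN
wep_default_key=0
wep_key0=1234567890
"""

HARDENED_CONF = """\
ssid=OfficeWLAN
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
"""

def parse(conf_text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse(conf_text)
    findings = []
    wpa = int(s.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if any(key.startswith("wep_key") for key in s):
        findings.append("WEP keys configured: replace WEP with WPA2")
    elif wpa == 0:
        findings.append("no encryption: enable WPA2 (wpa=2)")
    if wpa & 1:
        findings.append("WPA (version 1) enabled: prefer WPA2 only (wpa=2)")
    # Forms of authentication the article names: MAC table, RADIUS login, WPA2 key.
    forms = [s.get("macaddr_acl") in ("1", "2"),
             s.get("ieee8021x") == "1",
             "wpa_passphrase" in s or "wpa_psk" in s]
    if sum(forms) < 2:
        findings.append("fewer than two forms of authentication")
    if s.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast: set ignore_broadcast_ssid=1")
    return findings
```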

Whether setting up a Wi-Fi network or just using one in public or in private, security is always going to be the number one issue, followed by performance.  There is not a Wi-Fi network that cannot be cracked if a hacker is determined and skilled enough. 

So remember: Trust no one, deceive everyone.

By Benson Yeung, Senior Partner

Benson Yeung Biography

Mr. Yeung has over two decades of IT architecture and security related experience, including extensive experience as an integrator and distributor of IT products and services. In 1991, Mr. Yeung founded Triware Networld Systems, a San Francisco Bay Area IT systems integrator, and in 2000, he founded Triware Networld Solutions, Inc., a San Francisco Bay Area solution provider for IT knowledge management.

Since 1991, Mr. Yeung has consulted on IT and business related issues to over 300 small, medium, and large organizations. He also contributes articles to the Loral Computer Special Interest Group, Microsoft Project, and Silicon Valley Computer Society monthly newsletter.

For more than two decades, Mr. Yeung has spent a significant amount of time in IT security fields, including work as a forensics investigator and auditor. He has a deep understanding of the state of IT security issues and has developed frameworks and best practice methodologies for the field.

Mr. Yeung also works closely with various VC firms and startups in Silicon Valley as a Visionary, Strategist, Technology Advisor and Operations Consultant. Mr. Yeung has a B.S. in Computer Science from Arkansas State University. He is a Microsoft Certified System Engineer & Certified Trainer.


© Copyrights Triware Networld Systems, L.L.C. ® 1991-2017