ced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points

Introduction

It has become common practice to deploy wireless networks for convenience applications requiring users to be mobile. Also many "road warriors" have Wi-Fi accounts that let them access the Internet and the corporate network from remote locations. Furthermore, many deploy Wi-Fi at home to avoid the difficulties of wiring the home. But because wireless networks operate by broadcasting a radio signal between nodes, they are especially vulnerable to hackers and abuse.

Wired equivalent privacy (WEP) has been used in the past to secure wireless LANs. However, WEP has significant weaknesses, most notably that it uses encryption keys that are both static and known by stations across the network, and it uses a weak implementation of the encryption algorithm. Thus, it is important that wireless networks be protected by the new generation of security features now available.

Advanced Wireless Security Features

IT personnel have a number of available options to make their wireless networks more secure than they are using WEP:

· The Wi-Fi Alliance has developed Wi-Fi Protected Access (WPA), which is a standards-based security technology based on the IEEE 802.1X standard. It is free and built into both Windows XP and Macintosh OS/X. Any equipment with the Wi-Fi Alliance sticker is assured to support WPA. WPA2, implementing IEEE 802.11i, has been released, so users of WPA should plan on a migration as equipment using the new standard becomes available.

· Isolating the wireless network on a private LAN is an option for those who like the security of Virtual Private Networks (VPNs). IPSec (IP Security) is available as an even stronger alternative to WPA and WPA2. IPSec supports the secure exchange of packets at the IP layer and has been deployed widely to implement VPNs. Although a less secure VPN option than IPSec, Point-to-Point Tunneling Protocol (PPTP) can be layered over WEP to provide authentication and a second layer of encryption as an option for those who need support for older laptop systems. Whatever solution is used, you must be sure road warriors always access corporate resources over connections that are protected using strong encryption, either via a VPN or using SSL-enabled web pages.

· Isolating clients by preventing them from talking to one another on the wireless network is an option which prevents wireless hackers from attacking other users. This is especially useful in public wireless networks, and client isolation is a common feature in the more advanced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points

uses encryption keys that are both static and known by stations across the network, and it uses a weak implementation of the encryption algorithm. Thus, it is important that wireless networks be protected by the new generation of security features now available.

Advanced Wireless Security Features

IT personnel have a number of available options to make their wireless networks more secure than they are using WEP:

· The Wi-Fi Alliance has developed Wi-Fi Protected Access (WPA), which is a standards-based security technology based on the IEEE 802.1X standard. It is free and built into both Windows XP and Macintosh OS/X. Any equipment with the Wi-Fi Alliance sticker is assured to support WPA. WPA2, implementing IEEE 802.11i, has been released, so users of WPA should plan on a migration as equipment using the new standard becomes available.

· Isolating the wireless network on a private LAN is an option for those who like the security of Virtual Private Networks (VPNs). IPSec (IP Security) is available as an even stronger alternative to WPA and WPA2. IPSec supports the secure exchange of packets at the IP layer and has been deployed widely to implement VPNs. Although a less secure VPN option than IPSec, Point-to-Point Tunneling Protocol (PPTP) can be layered over WEP to provide authentication and a second layer of encryption as an option for those who need support for older laptop systems. Whatever solution is used, you must be sure road warriors always access corporate resources over connections that are protected using strong encryption, either via a VPN or using SSL-enabled web pages.

· Isolating clients by preventing them from talking to one another on the wireless network is an option which prevents wireless hackers from attacking other users. This is especially useful in public wireless networks, and client isolation is a common feature in the more advanced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points

/X. Any equipment with the Wi-Fi Alliance sticker is assured to support WPA. WPA2, implementing IEEE 802.11i, has been released, so users of WPA should plan on a migration as equipment using the new standard becomes available.

· Isolating the wireless network on a private LAN is an option for those who like the security of Virtual Private Networks (VPNs). IPSec (IP Security) is available as an even stronger alternative to WPA and WPA2. IPSec supports the secure exchange of packets at the IP layer and has been deployed widely to implement VPNs. Although a less secure VPN option than IPSec, Point-to-Point Tunneling Protocol (PPTP) can be layered over WEP to provide authentication and a second layer of encryption as an option for those who need support for older laptop systems. Whatever solution is used, you must be sure road warriors always access corporate resources over connections that are protected using strong encryption, either via a VPN or using SSL-enabled web pages.

· Isolating clients by preventing them from talking to one another on the wireless network is an option which prevents wireless hackers from attacking other users. This is especially useful in public wireless networks, and client isolation is a common feature in the more advanced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points

PTP) can be layered over WEP to provide authentication and a second layer of encryption as an option for those who need support for older laptop systems. Whatever solution is used, you must be sure road warriors always access corporate resources over connections that are protected using strong encryption, either via a VPN or using SSL-enabled web pages.

· Isolating clients by preventing them from talking to one another on the wireless network is an option which prevents wireless hackers from attacking other users. This is especially useful in public wireless networks, and client isolation is a common feature in the more advanced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points

ced wireless access points and hotspot kits.

· Controlling access to the wireless network while also enabling access for guests is often a problem. Many wireless devices support guest access by segregating unauthenticated users in a separate virtual LAN apart from the corporate network. You may also want to impose a simple firewall that supports web authentication.

· Access to the wireless network can also be restricted to machines whose MAC addresses match addresses on an approved list. The list can be either static or stored on a RADIUS server for look-up.

· Finally, most of the more sophisticated access points have adjustable signal strengths, varying from only a few milliwatts up to several hundred milliwatts. Varying the signal strength can prevent signal from leaking out of the building to surrounding buildings and parking lots, and can prevent eavesdroppers from picking up the wireless signal while sitting in their vehicles or in a nearby building.

Conclusion:

Products are now being offered which make available commercial implementations of new standards in wireless network security. Complications can arise when trying to integrate new equipment and standards with legacy systems, but in many cases vendors have accommodated such deployment scenarios. With these new products and the standards they implement, your wireless network can be at least as secure as your wire-based network.

About Jonathan Coupal:

Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost effective solutions and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enables him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice. Mr. Coupal holds certifications with Microsoft and CompTia, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTia Linux+.