The SecurityOverview covers basic questions and answers about Security Issues related to Wireless Networking.
If you haven't already, you should read the SecurityOverview before anything else.
Contents
Security is a process!
Security isn't something you can just tack on and leave alone. It involves being aware of the risks and knowing how to deal and counter any situations that arise as well as being proactive.
Risks
The following is a check list of security risks associated with Wireless Networking:
- Your Wireless network will be visible to anyone within the range of your antenna.
- Your computer's resources (hard drive, printer, etc.) are exposed to more people over a network.
- The network itself passes whatever information you request. If it's not scrambled, other people can hear it
Can I associate to it?
Wireless networks broadcast messages to let other users that the network is up. A popular tool to discover networks is Netstumbler.
Here we see three networks, "Air Ball 1", "Hou Network", "Vivato_FreeNet" and "Wireless". Two of these networks have "WEP" enabled, this means you need a password to connect to the network and use its resources. The other two networks, "Hou Network" and "Vivato_FreeNet" are open and available to anyone in range.
Enabling WEP is an easy way to secure your network, but it does not address the underlying security problem you may have. If something breaks wep, or WEP is accidently turned off, you may still be leaving your underlying network exposed.
Are you sharing your files?
Microsoft Windows has a powerful feature known as file sharing. You can access a folder on another computer across the network just as if you were sitting at the computer itself.
Ways to secure your Wireless Network
MAC Address Filtering
A MAC Address is a unique number assigned to your network card. Some access points can be configured to only allow certain MAC addresses through. This is the simplest level of access control.
Caveats:
- MAC Addresses can be spoofed
- Filtering does not protect the privacy of your data
- Not very flexible as far as management goes.
WEP
WEP is a very simple lock-and-key level of protection. Each user connecting to the network must know a share key. Users without the key can not associate to your network.
Caveats:
- WEP can be broken with effort.
- Each user has the same WEP key, relies on trust.
If you absolutely want to use WEP, you should change your wep keys regularly and use a utility like dwepkeygen to generate strong keys.
802.1x
802.1x is another form of security that works with X.509 certificates.
IP Security
IPSEC (IP Security) is a set of standards that encrypts your IP (Internet Protocol) traffic using strong encryption. IPSEC provides Authenticity (your data is being sent and received to the correct place), Integrity (the data has not been tampered with) and Privacy (it can not be viewed by your nosey neighboor).
Unlike WEP, IPSEC is part of the Internet Protocol. It can work over the Internet, your Local Area Network and your Wireless Network.
- IPSecSoftware lists software for various operating systems.
UniversalIpSec : A rant on using X.509 certificates to support roaming users across independent community networks.
Use Encryption like SSL, TLS and PGP
Even if you have a secure network you should use application layer encryption (encrypting data through the application, not the network -- get it? 
).
- Most web browsers and Email clients support the use of SSL and/or TLS.
- You should use "APOP" password protection in your Email client, this will scramble your Email password even if SSL/TLS aren't being used.
- PGP (Pretty Good Privacy along with it's Open Source equivillent GPG) can be used to encrypt Email and files on your harddrive.
Don't accept candy from strangers
Never EVER open a file or attachment from someone you don't know (indeed it's probably not a good idea to open an attachment or file from someone you do know if you weren't expecting it). Running a program that has been infected with a virus on one of your computers can result in your security being compromised. "Trojan Horse" programs can run on your system allowing an outsider to bypass things like passwords.
Make backups on a regular basis
You should be making backups on a regular basis. This can be as simple as copying your data to a CD-R or another computer. Backups won't just protect you if you have a system crash, if your system is compromised, you can not trust the data or programs you have -- you should *always* revert to a known-to-be-safe backup if you suspect your system has been broken into.
Isolate your Networks
The first line of defense in securing your data is to isolate your private in-home data away from a public network.
If possible, physically seperate your Wireless, Wired, Internet and Telephone networks using a firewall. A used Pentium class computer running FreeBSD or Linux will do.
Setup packet filtering/firewall software (ipfw, ipf, ipchains, etc.) to block access to certain services on your Wired Network.
- Simplistic Firewalled Network
See NodeBuilding for examples of inexpensive, home built routers.
If you're wanting to use a Wireless Only network, consider using IPSEC and restricting access to your sensitive servers to IPSEC clients only (see below).
What to do if you get broken into
If you're system is compromised, the first most important thing to do is
- Make a snapshot of the compromised system (using a tool like Nero CD burning software, etc.)
A snapshot will help you preserve evidence of the break in. Don't delete files or modify anything until you've made a snap shot. Doing so will break the state of your system and can render an investigation of how the break-in occured completely useless.
After you make a snapshot, you should:
- Try and find out how they broke in.
- Look for modified/new programs and data. If you have a general idea of when the break in occured, you can search for files modified and/or created during that time
- Windows Users can use the "Find" command from the Start Menu to search for files modified within so many days.
- Unix users can use the 'find' utility, look at the man page for 'find' for more information.
- Look for modified/new programs and data. If you have a general idea of when the break in occured, you can search for files modified and/or created during that time
- Do a complete fresh re-installation of your system. Format your hard drive and start over. This may sound extreme, and if you're comfortable continuing to use the system as it is then you needn't bother, but starting from scratch will give you the peace of mind knowing that "what if" isn't an issue.
You take notes of everything you find. If you decide to file a report with the police this data will be invaluable. Also be prepared to provide a copy of your compromise'd systems snapshot for their forensic people to look at (or do it yourself -- which is often more useful, law enforcement people are often over worked and under-qualified and won't know your system the way you do).
