Wi-fi, wireless networks and Bluetooth technologies are used by several organizations today. Computer users interested in convenience and mobility prefer to access the Internet and transfer data between devices wirelessly. However, to prevent unauthorized access by others in such a network, it is important for business organizations to secure their wireless routers and Bluetooth devices. Frank Johnson looks into the ways that can be used by organizations for security of these devices.
Wireless Routers:Going wireless generally calls for a broadband Internet connection referred to as the 'access point'. This may be a cable or DSL line that runs into a modem. To set up the wireless network, users connect the access point to a wireless router. This broadcasts a signal through the air, sometimes as far as several hundred feet. Any laptop, digital tablet or smartphone equipped with a wireless client card can pull the signal within the range and gain access to the Internet.
The downside of a wireless network is that, unless sufficient precautions are taken by authorized users, anyone with a wireless-ready device can use the network eating into the bandwidth. The unauthorized users may also include hackers and other miscreants who can ‘piggyback’ on the network and access crucial information on the computer. What’s worse, if the unauthorized people use the network to commit a crime or send spam, the activity will be traced back to the account of authorized users.
The good news is that there are ways that you can use to secure your wireless networks:
1) Use Encryption:The best way to secure wireless network from intruders is to encrypt, or scramble, communications over the network. Most wireless routers, access points, and base stations have built-in encryption mechanism. However, manufacturers often deliver wireless routers with the encryption feature turned off. These need to be turned on. The 2 types of encryption available include Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). The computer, router, and other equipment need to use the same encryption.
2) Use anti virus, anti spyware software and firewall:Computers working through wireless routers need the same protections as any other computer connected to the Internet. Ensure that you have an anti-virus and anti-spyware software, and always keep them up-to-date. Turn on the firewall for all the systems in network.
3) Turn off identifier browsing:Most wireless routers have a mechanism known as identifier broadcasting. This sends out a signal to any device in the vicinity announcing its presence. There is no need to broadcast this information as the authorized people using the network would already know it is there. Hackers can use identifier broadcasting to connect their devices on vulnerable wireless networks. That's why it is important to disable the identifier broadcasting mechanism if your wireless router allows it.
4) Change the identifier on router from the default:The identifier for your router is likely to be a standard, default ID that is assigned by the manufacturer to all hardware of that model. Even if such a router is not broadcasting its identifier, hackers may know the default IDs and can use them to try to access your network. To avoid this change your identifier to something only that you know – remember to configure the same unique ID into your wireless router and your computer so they can communicate. The password used for this must be at least 10 characters strong.
5) Change your router’s pre-set password for administration:
The manufacturer of your wireless router assigns it a standard default password that allows you to set up and operate the router. Hackers know these default passwords, so change it to something only you know. Again, make it long, strong and complex to deter the hackers from cracking it.
6) Allow only specific computers to access the wireless network:All computers that can communicate with a network are assigned their own unique Media Access Control (MAC) address. Wireless routers usually have a mechanism to allow only devices with particular MAC addresses access to the network. However, some hackers can mimic MAC addresses, so it is safer to allow only limited number of devices in the network.
7) Turn off your wireless network when it is not being used:Hackers cannot access a wireless router when it is shut down. Turning off the router when it is not being used limit the amount of time that it is susceptible to a hack.
Bluetooth:Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPAN), commonly known as ad hoc or peer-to-peer (P2P) networks. Bluetooth technology has now been integrated into many types of business and consumer devices, including cellular phones, personal digital assistants (PDA), laptops, automobiles, printers, and headsets. This lets users to form ad hoc networks between different devices to transfer voice and data.
Bluetooth technology and associated devices are prone to general wireless networking threats including denial of service attacks, eavesdropping, man-in-the-middle attacks, message modification, and resource misappropriation. Attacks against improperly secured Bluetooth implementations provide attackers an unauthorized access to sensitive information. They can also manipulate the Bluetooth devices and other systems or networks to which their devices are connected.
To improve the security of Bluetooth implementations, organizations should take care of following aspects:
1) Use the strongest Bluetooth security mode available for all Bluetooth devices used in the organization :There are four security modes for Bluetooth devices and each version of Bluetooth supports some though not all of these modes. These modes basically differ by how well they protect Bluetooth communications from a potential attack. Security Mode 3 is the strongest mode as it always calls for authentication and encryption to be established before an actual Bluetooth physical link is completely established. Security Modes 2 and 4 also use authentication and encryption, but only after the Bluetooth physical link has already been fully established and logical channels are partially established. Security Mode 1 provides no security functionality at all. The available modes vary based on the Bluetooth specification versions for both devices. Business organizations need to choose the most secure mode available for each case.
2) Address Bluetooth technology in security policies and change default settings of Bluetooth devices to reflect those policies:A security policy that defines needs for Bluetooth security is the foundation for every other Bluetooth-related countermeasure. The policy must ideally include a list of approved uses for Bluetooth, a list of information that may be transferred over Bluetooth networks, and requirements for choosing and using Bluetooth personal identification numbers (PIN). After establishing Bluetooth security policy, organizations need to ensure that Bluetooth devices’ default settings are reviewed and changed as required so that they comply with the security policy requirements. For instance, a typical requirement is that unnecessary Bluetooth profiles and services should be disabled to minimize the number of vulnerabilities that attackers could attempt to exploit. A centralized security policy management approach is important to ensure device configurations are compliant.
3) Ensure that Bluetooth users are aware of their security-related responsibilities concerning Bluetooth use:A security awareness program helps users to follow security practices that help prevent security incidents. Users should also be made aware of other actions to take involving Bluetooth device security, such as ensuring that Bluetooth devices are turned off when they are not needed to minimize exposure to malicious activities, and not performing Bluetooth device pairing very frequently especially in a physically secure area where attackers cannot observe key entry and eavesdrop on Bluetooth pairing-related communications.
About the Author:This article by Frank Johnson is in continuation to his series on ‘Secure IT Systems’ Frank is a regular editorial contributor on technology products and services that help small to mid size businesses. To know more about Securing Your Wireless Router and Bluetooth, you may interact with him here