Wireless broadband security
A good defence involves layers of security, each designed to thwart certain threats. Here’s a list of things to keep in mind when securing your system if you are either an individual user or the host.
The individual user:
- We suggest you install a robust and updatable anti-virus and personal firewall on your laptop or PDA. It is important to keep your anti-virus up to date and configure your software to check automatically for updates on a regular basis.
- The use of an anti-spyware package is also advisable. Microsoft provides one that is free to download: go to www.microsoft.com and follow the link on downloads.
- It is also worth password protecting your system, but remember to turn off any automatic log-in facilities (i.e. if you have set it to remember your passwords automatically).
- If you use a secure VPN (Virtual Private Network) to access your corporate network or intranet, any security holes in the remote computer connecting to the office network will make the office network vulnerable, so make sure remote users adhere to the same security policy you have in place for the office.
- Turn off file sharing when in a public hotspot. (Right-click on the folder that’s shared, click on “Sharing and Security”, then under the Sharing tab tick “Make this folder private”.)
- If your laptop automatically connects to available wireless networks, you could be associating with wireless access points without even knowing it. To prevent this, turn off any features that automatically connect you to available networks.
- Only submit your credit card or financial details securely. When doing this you should see a padlock on the bottom right of your browser window, and the internet address you are submitting it to should start with https instead of http.
- Strong and unusual passwords, using a mixture of upper and lower case, numbers and special characters, make it difficult to steal or crack passwords.
- It is important to agree to the terms and conditions of use as set out by the wireless provider whether this is BT Openzone or an unmanaged solution. It is the user who is accountable for the online content accessed through the hotspot. Hosts will either provide terms and conditions via the access gateway or in written form.
- Secure the transmission of your data over the wireless network by encrypting it, which makes the transmitted data incomprehensible and therefore useless to snoops. For more information on encryption go to: www.getsafeonline.org
- And finally, don’t underestimate the old-fashioned over-the-shoulder snoop. Be aware of those around you and keep prying eyes from your keyboard or screen.
The host:
If you are using a managed solution such as BT Openzone or freehotspot.com then you should follow the provider’s recommendations.
If you are attempting to provide a wireless network for guests to use and are not using a managed solution like BTOZ or freehotspot.com, or simply have a wireless network on your premises that is really there only for internal use, there are some important security concerns you need to be aware of.
Because of these concerns, actnow recommends using a managed service to provide broadband access to the public.
Most unmanaged wireless network equipment is left unprotected when it comes out of the box, so that it is easy to set up. This means you have to configure the network yourself to make it secure.
Lock down your network - The key concern with an unsecured WiFi network is that the access point must share an internet connection with both the public and the host. This means that there is a high chance the access point could provide anyone access to the host’s personal network. Preventing this is possible to an extent via the use of a firewall or router management which has been professionally configured. Not all routers can do this - some cheaper routers don’t have these extra features.
The best way to lock down your wireless network is to use WPA (Wi-Fi Protected Access) encryption. WPA is a specification of standards-based, interoperable security enhancements that increase the level of data protection and access control for existing and future wireless LAN systems.
An alternative way to lock down your network is to use a WEP key. A WEP key provides an encryption key for data on your Wi-Fi network. This can be set up manually or by using an online WEP key generator, from the router's Wi-Fi management page. The WEP key must be changed on a regular basis to maintain security. Even though WEP is more widely used than WPA encryption, it is more susceptible to misuse: with the right software, which can be downloaded free off the internet, you can break WEP in 3 to 4 minutes.
The managed solutions such as BT Openzone and freehotspot.com will always work on an unsecured network but these systems manage their own security by encrypting the traffic between the user and the host by using a VPN.
A firewall should be used to separate the wireless users from the internal users; however, it’s important to set up security policies on the firewall correctly. One of the most common problems with complex equipment is the increased chance of misconfiguration. The reason we suggest using a dedicated firewall is that you can configure it to block everything, and then you can slowly relax these settings.
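The "block everything, then relax" approach can be checked before a policy is loaded onto the firewall. The following is an added example, not actnow's or any vendor's code: it models an ordered, first-match rule list with a default deny and flags any allow rule that would let wireless guests reach the internal network. The subnets, the rule format and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the page).
GUEST_WLAN = ip_network("192.168.50.0/24")    # wireless guests
INTERNAL_LAN = ip_network("192.168.1.0/24")   # host's private network
ANY = ip_network("0.0.0.0/0")

# Ordered rules: (action, source, destination, protocol, port or None for any).
RULES = [
    ("deny", GUEST_WLAN, INTERNAL_LAN, "any", None),  # guests never reach the LAN
    ("allow", GUEST_WLAN, ANY, "udp", 53),            # DNS lookups
    ("allow", GUEST_WLAN, ANY, "tcp", 80),            # web
    ("allow", GUEST_WLAN, ANY, "tcp", 443),           # secure web
]


def decide(rules, src, dst, proto, port):
    """Return the first matching rule's action; block when nothing matches."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (src in src_net and dst in dst_net
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action
    return "deny"  # default deny: the "block everything" starting point


def covers_guest_to_lan(rule):
    """True for a deny rule that blocks all guest-to-LAN traffic."""
    action, src_net, dst_net, proto, port = rule
    return (action == "deny" and GUEST_WLAN.subnet_of(src_net)
            and INTERNAL_LAN.subnet_of(dst_net) and proto == "any" and port is None)


def audit(rules):
    """Return indexes of allow rules that expose the internal LAN to guests."""
    findings = []
    for index, rule in enumerate(rules):
        action, src_net, dst_net, _proto, _port = rule
        exposes = (action == "allow" and src_net.overlaps(GUEST_WLAN)
                   and dst_net.overlaps(INTERNAL_LAN))
        if exposes and not any(covers_guest_to_lan(r) for r in rules[:index]):
            findings.append(index)
    return findings


if __name__ == "__main__":
    print(decide(RULES, "192.168.50.20", "192.168.1.10", "tcp", 443))
    print(audit(RULES[1:] + RULES[:1]))  # deny rule moved last: misconfigured
```

With the deny rule moved to the end of the list, the broad allow rules match first and the audit reports all three, which is the kind of ordering mistake the paragraph above warns about.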
If you are allowing guests to have internet access through your own unmanaged wireless network you must advise them to ensure they have a firewall enabled on their laptop.
Legal responsibility – it is extremely important that if you are offering to share your wireless network with guests that agreed terms and conditions are in place. In managed hotspot solutions such as BT Openzone and freehotspot.com this is addressed and users agree to adhere to terms and conditions of use via the access gateway. For an unmanaged wireless network the host must ensure that the user agrees to take responsibility for their use of the network. This can be agreed in a written form and retained as a record of use. If terms and conditions are not in place then the host could be held accountable for users accessing illegal content or using hotspots for illegal activity. It is recommended that you seek legal advice regarding this to ensure that liability is with the user and not the host.
MAC Filtering - for those setting up a wireless network purely for internal use and not guest access it is worth considering using MAC filtering as well. Every device on a wireless network has a unique address that's used to distinguish one wireless network interface card (WNIC) from another. This address is called the Media Access Control (MAC) address. Since every network card has been pre-assigned a unique MAC address by the hardware vendor, an access point can be set up to only allow a pre-selected list of network cards to connect, meaning you can restrict who uses the network by filtering the MAC addresses. This offers an additional means of protection, not a sole one.
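A sketch of the allow-list check that MAC filtering performs, as an added example rather than any access point's actual code. It accepts the common written notations, reports malformed list entries instead of silently dropping them, and marks addresses whose locally administered bit is set, since those were not assigned by a hardware vendor. All addresses and function names are constructed for illustration.

```python
import re


def normalise_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is malformed."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def load_allow_list(entries):
    """Normalise configured entries and collect the ones that cannot be parsed."""
    allowed, rejected = set(), []
    for entry in entries:
        mac = normalise_mac(entry)
        if mac is None:
            rejected.append(entry)
        else:
            allowed.add(mac)
    return allowed, rejected


def check_client(allowed, presented):
    """Decide whether the address a client presents may associate."""
    mac = normalise_mac(presented)
    if mac is None:
        return "reject: malformed address"
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:  # group bit set: multicast or broadcast
        return "reject: not a unicast address"
    if mac not in allowed:
        return "reject: not on allow-list"
    if first_octet & 0x02:  # locally administered bit set
        return "allow: on list, but not a vendor-assigned address"
    return "allow"


# Constructed sample configuration in three notations plus one bad entry.
SAMPLE_ENTRIES = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f",
                  "001a.2b3c.4d60", "00:1A:2B:3C:4D"]
ALLOWED, REJECTED = load_allow_list(SAMPLE_ENTRIES)
```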
These are actnow's recommendations and it is the responsibility of the customer to ensure they are offering a safe and secure broadband service.




