· Make sure that your wireless network is based on WPA (Wi-Fi Protected Access) security or equivalent as a minimum. Do not base your network on older WEP (Wired Equivalent Privacy) technology as this has a number of known weaknesses.
· Ensure that factory default settings in your wireless equipment have been changed.
· Ensure that strong passwords are set wherever it is possible to set them to minimise the potential for hackers to gain access to the network.
· Consider using an encrypted virtual private network to ensure that any connection to the network is granted only to authorised users, is password protected, and any data transmitted is kept hidden.
· Wireless access points should run at a low power level to reduce the ability of computers in nearby buildings or public areas to detect your wireless signals. If access is poor then more access points should be added. Avoid placing access points near to windows or public areas wherever possible.
· Ask your network manager to consider installing a RADIUS service which allows more sophisticated management of legitimate users.
Further information
NHS Connecting for Health
For information on application security in the NHS
nww.connectingforhealth.nhs.uk
Get Safe Online
For general information about wireless network security, visit
www.getsafeonline.org/nqcontent.cfm?a_id=1151
Remember:
Do
· check your organisation’s policy on wireless computing
· make sure that you seek professional guidance when selecting a wireless system to ensure minimum security requirements are met
· ensure that all security settings are enabled and defaults have been changed
· ensure that all computers on the network are using desktop firewall facilities to deny any unauthorised access
· report any suspected network security breaches to your IT support department.
Don’t
· allow the use of wireless devices on your network unless adequate security measures are in place
· try to configure the wireless network settings yourself unless you really know what you are doing - your network may still be vulnerable
· connect to someone else’s unsecured WLAN just because you can - it is illegal.
© Crown Copyright, July 2008
Ref: 4163
Good practice guide
Wireless LANs
What is a LAN?
A local area network (or LAN) is a way of connecting a number of computers together, which are located in the same vicinity such as an office building, usually for file and printer sharing purposes.
Traditionally, connection to the network has been made via physical cables plugged into each device, linking all the computers and special network connectivity equipment together.
What is a wireless LAN?
A wireless LAN (or WLAN) is exactly that. Modern technology now allows this same connectivity to take place without the need for each device to be physically attached to the network using wires or cables.
The technology uses the transmission of radio type waves to enable communication between computer devices to take place over a limited area. This gives users the mobility to move around freely within the coverage area without losing connection to the network. It also means that users do not have to connect at designated workstation areas, but can work from anywhere they choose within the general coverage area.
Traditional LANs can be extended by adding wireless technology relatively easily and cheaply.
Wireless desktop computers, laptops and other devices are becoming increasingly popular both in the workplace and at home. The main reason for this trend is that wireless computers are relatively easy to deploy, inexpensive and usually simpler to manage than standard wired connections. Smaller organisations with, say, fewer than 150 users find that wireless computing frees them from the conventional restrictions of cabling.
There are two main types of wireless networking:
· peer to peer, which allows computers to ‘talk’ directly to each other; or
· via an access point, which is a device that allows several devices to link together, and can provide further communication with the wired LAN.
Once a wireless access point has been installed, new computers and laptops can be added to the network without any further wiring requirements. Users can connect to the internet, send and receive emails, and do all the tasks they need to do just as they did before, but with increased mobility.
What are the risks?
Unfortunately there are risks associated with the use of wireless LANs. In particular, the question of security is quite often overlooked unless the wireless equipment has been installed with the guidance of an IT expert, and in accordance with any information security policies and procedures (assuming that such policies are in place).
There are two main reasons for ensuring that your wireless LAN is secure:
1 Security of your data
The whole concept of wireless is about broadcasting, which means that the information doesn’t just go to the target wireless connection, but is also available to anyone within broadcasting range. Furthermore, it is not just the transmitted information that is at risk, but potentially all other data held on your computer or LAN such as user IDs and passwords, bank details and any other personal data that you wouldn’t wish to be generally accessible. This could lead to theft of confidential, personal and organisational information and has serious implications for compliance with the Data Protection Act 1998; in particular the 7th Principle which requires that “appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss and destruction of, or damage to, personal data”.
2 Unauthorised use of your network facilities
If your wireless LAN is unsecured, anyone within broadcasting range can pick up a connection and essentially ‘piggy-back’ off your wireless access point to obtain an internet connection, for example. This could be achieved quite simply by someone using a wireless laptop from their car parked outside your building. And very worryingly, if your connection is used for any illegal activity, such as perpetration of fraud or accessing illegal images from the internet, you or your organisation could be held responsible, even if you had no idea who actually did it.
What precautions can I take?
Depending on your level of technical expertise, you should probably seek expert advice to guarantee that your wireless LAN is appropriately secured. The following points are provided to help you understand the kind of questions and terminology that you may need to ask about or gain assurance on. Many of the tools you need will be built into the wireless systems, or additional software can be purchased to provide further safeguards:
· Ensure that the built-in wireless security features are enabled. Quite often the default settings will not have security enabled.