Regularly checking your WLAN for vulnerabilities will help keep your network safe
Network security is a never-ending task; it requires ongoing vigilance. Securing your wireless network can be particularly tricky because unauthorized users can quietly sneak onto your network, unseen and possibly undetected. To keep your WLAN secure, it’s important to stay on top of new wireless vulnerabilities. By regularly performing a vulnerability assessment on your wireless network, you can identify and close any security holes before a hacker can slip through them.
With a WLAN vulnerability assessment, you’re figuring out what your wireless network looks like to the outside world on the Internet. Is there an easy way in to your network? Can unauthorized devices attach themselves to your network? A WLAN vulnerability assessment can answer these questions—and more.
1. Discover wireless devices on your network. You need to know everything about each wireless device that accesses your network, including wireless routers and wireless access points (WAPs) as well as laptops and other mobile devices. The scanner will look for active traffic in both the 2.4GHz and 5GHz bands of your 802.11n wireless network. Then, document all the data you collect from the scanner about the wireless devices on your network, including each device’s location and owner.
2. Hunt down rogue devices. Rogue devices are wireless devices, such as an access point, that should not be on your network. They should be considered dangerous to your network security and dealt with right away. Take your list of devices from the previous step and compare it to your known inventory of devices. Any equipment you don’t recognize should be blocked from network access immediately. Use the vulnerability scanner to also check for activity on any wireless bands or channels you don’t usually use.
3. Test your authorized access points. Make sure the WAPs on your network are just as secure as your routers and any other device that can be accessed from the Internet. Because anyone can gain access to your network through a WAP, it must have the latest security patches and firmware installed. Make sure you’ve changed the default password from the factory-set ”admin“ to a strong, hard-to-crack password. Also, check that the WAP is configured to use the most secure options such as the strongest available authentication setting and an encrypted admin interface, is using filters to block unauthorized protocols, and is sending security alerts.
4. Update your device inventory. Now is a good time to find out if users have brought in any new wireless devices and check for any other new 802.11g or n devices that are accessing your WLAN. Update your inventory to include every smartphone, tablet, laptop, desktop, voice-over-IP (VoIP) phone, and any other wireless device that is approved to access your network. For each of these devices, find out if it is running the most current operating system and associated security patches, is running current antivirus and antispam software, and is configured according to your company’s security policy.
5. Take action and eliminate vulnerabilities. The last step is to plug the holes your vulnerability scanner reveals. For instance, install missing or new security patches to your WAPs and to users’ devices, change passwords so they’re more secure, and re-educate users about your security policy and acceptable use policy.
Of course, completing these five steps doesn’t mean your work is done. You should test your fixes, making sure they indeed closed the security holes. And then mark your calendar for the next regularly scheduled WLAN vulnerability assessment.
How frequently do you check your wireless network for new vulnerabilities?
You can performance an assessment using a network vulnerability scanner application, which typically runs on a Windows desktop and checks such things as network ports, operating systems, and applications for a wide variety of known vulnerabilities. Using a vulnerability scanner application to perform these five steps will help secure your wireless network.