If you have wireless networks in your organization, chances are that you are using Wireless Equivalent Privacy (WEP). This is a security protocol that is supposed to make data sent over a wireless network tough to capture. But there's a hole in WEP, and this tip, excerpted from InformIT, talks about how to try to patch that security hole. The tip comes at the end of a long discussion about WEP and how it works that is well worth reading on the InformIT site.
For those people who are concerned about this threat [of a security hole in WEP], there are several things that can be done to secure the WEP hole.
First, use WEP. Although this may seem ridiculous, the simple fact that you use WEP will cause most hackers to skip your WLAN and move on to an unprotected target.
Second, use a RADIUS server for authentication. This will ensure that each user is permitted access to the internal network only with a user name and password. Although this is some protection, the RADIUS server should also use a time limit on the keys. This is due to further weaknesses and dangers, known as ARP poisoning, in which a hacker can take over an existing session and bypass any RADIUS requirements. By setting the time to 30 minutes, you can be sure that no hacker can successfully crack WEP.
[Third], set up a VPN on top of the WLAN connection. This will provide further protection and require yet another password to connect. The downside of this is that it will slow the connection speed due to VPN encryption overhead.
[Fourth], control access to the internal network using the user name and passwords. This will protect your resources if a laptop is stolen or if the account information is pilfered.
In addition to these measures, there are additional things one can do to increase security. Tokens, DMZs, radiation zones, and more can be used to control who has what access, where, and for how long. In short, just as with a regular network, you have to weigh the need with the costs of having users jump through more security gates to access their data.
Too much security, and no one will use the service or will find ways around it. Too little, and you may have the wrong people accessing your data.
To read the entire article from which this tip is excerpted, click over to InformIT. You have to register to read the article, but registration is free.
This was first published in September 2002