Wireless networks use radio frequencies to transmit and receive data. This means that someone walking, driving, or flying by can easily tap into your unsecured wireless connection without your knowing it. In fact, armed with the right tools, which are readily available, some people virtually stalk areas for an open wireless access point (WAP).
Once someone else gains access to your connection, he or she is free to send messages (including spam) from your IP address or grab unencrypted information you transmit. Once thieves are in your network, they can access open shares as well. Gaining unauthorized access to wireless networks and transmissions is one of the ways thieves obtain the information needed for identity theft. Users who transmit over unsecured wireless networks make the university vulnerable to unauthorized access to campus e-mail and network accounts.
Wireless users should use all available security features and tools at their disposal to prevent unauthorized use of their computers, accounts or smartphones. Some of these are listed below:
- Disable your wireless card and WAP when not in use (offline).
When you are not receiving or transmitting, it is safer to disable both the wireless card on your computer and your WAP, which makes access impossible for a would-be intruder.
- Use the latest wireless security standard: WPA2.
WPA2 stands for Wi-Fi Protected Access version 2, the current official Institute of Electrical and Electronics Engineers (IEEE) standard. It is based upon the 802.11i security standard and is more secure than WPA because it uses the Advanced Encryption Standard (AES) for encryption. If your wireless card is not WPA2 compatible, check with the vendor to see if it's upgradeable, or consider buying an external wireless card.
- If you cannot use WPA2, transmit data using WPA with a strong key.
Avoid sending data in clear text (i.e., unencrypted) or using weak encryption (WEP). If you cannot use WPA2, then enable WPA with a strong key (i.e., difficult to guess; at least 20 characters) instead. Remember to change your key regularly.
- Always encrypt confidential or sensitive data that is stored on, or transmitted from, a wireless capable device.
Select the following links for definitions of confidential, personal, and proprietary data. Contact your departmental ITC for encryption instructions.
- Employ a personal firewall on your computer.
- Turn off file sharing.
- Use SSL or SSH.
For any transmission requiring a password, always use encryption such as Secure Sockets Layer (SSL) or Secure Shell (SSH). Use these modes for any transmission. Heed all security warnings and make certain your browser verifies valid SSL certificates.
- Use secure e-mail protocols.
Use e-mail protocols that are SSL enabled.
- Use MAC address filtering.
Employ media access control (MAC) address filtering to ensure that the WAP only communicates with certain wireless devices (i.e., register the MAC address on your wireless card with the WAP, which should “talk” to only the cards registered to it). Using MAC address filtering is not a guarantee of full security because MAC addresses can be copied (i.e., “spoofed”). However, using MAC address filtering does make access by unauthorized persons more difficult.
- Faculty and Staff: Use VPN to access campus resources.
When remotely connecting to the campus, use a VPN connection to securely access campus resources. VPN software for faculty and staff is available for downloading at http://www.calstatela.edu/its/services/network/vpn.php.
- Harden all your computer’s security systems.
Harden (strengthen) all security systems on your equipment (i.e., use strong passwords; authenticate access where possible; etc.).
- Be cautious if using instant messaging (IM).
Instant messages are generally transmitted as clear text, making login scripts, passwords, credit card numbers, and other confidential information more accessible.
- Hide your SSID (prohibit SSID broadcast) and change the default WAP addresses.
Change the default service set identifier (SSID), the wireless network name, to one that is difficult to guess. Prohibit the broadcast of the SSID so that it does not indicate its availability for use. If possible, change your WAP’s default channel addresses: set your WAP to receive, but not to broadcast.
- Disable DHCP or change the default address range.
Disable Dynamic Host Configuration Protocol (DHCP) so that the IP address would need to be configured manually on your laptop. Or, as an alternative, change the default DHCP address range.
- Use a network router to close off access.
Your network router can be set to block access. The router, or any access point, should require strong passwords in order to access administrative functions. Disallow wireless access to these administrative functions.
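As an added illustration (not part of the original guidance), the access-point items in the list above (WPA2 with AES, a key of at least 20 characters, a hidden and non-default SSID, MAC address filtering) can be checked mechanically. The sketch assumes the WAP's settings are available in hostapd's key=value format; both sample configurations and the default-SSID list are constructed for the example.

```python
# Constructed sample configs in hostapd key=value syntax (not from a real device).
WEAK_CONF = """\
ssid=linksys
wpa=1
wpa_pairwise=TKIP
wpa_passphrase=campus2024
ignore_broadcast_ssid=0
macaddr_acl=0
"""
HARDENED_CONF = """\
ssid=q7-annex-lab
wpa=2
rsn_pairwise=CCMP
wpa_passphrase=vivid-Canyon-42-maple-orbit
ignore_broadcast_ssid=1
macaddr_acl=1
"""
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # assumed sample list
MIN_KEY_LEN = 20  # the page's minimum length for a strong key

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the checklist items the config fails; [] means all passed."""
    conf, findings = parse_conf(text), []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa != 2:
        findings.append("WPA2-only not enforced (set wpa=2)")
    # For WPA2, hostapd falls back to wpa_pairwise (default TKIP) if rsn_pairwise is unset.
    ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    if ciphers != ["CCMP"]:
        findings.append("AES (CCMP) is not the only pairwise cipher")
    if len(conf.get("wpa_passphrase", "")) < MIN_KEY_LEN:
        findings.append("key shorter than %d characters" % MIN_KEY_LEN)
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    if conf.get("macaddr_acl", "0") != "1":
        findings.append("MAC address filtering is off")
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("SSID is a vendor default")
    return findings
```

Calling `audit(WEAK_CONF)` returns one finding per failed item, while `audit(HARDENED_CONF)` returns an empty list.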
Other Security Tips
Select the links below for tips on securing your devices.
- Implement Security Measures on Laptops, Tablets or Smartphones
- Safeguard Laptop and Tablet Contents
- Physically Safeguard the Laptop, Tablet or Smartphone
- Secure the Laptop, Tablet or Smartphone When Traveling
- Report Laptop Damage, Loss, Theft, and Security Breaches
For more information:
- Lost or Stolen Computer or Electronic Storage Device Report
- User Guidelines for Reporting a Lost or Stolen Computer or Electronic Storage Device