Secure Your Laptop's Wireless Connection

SecurityTip: Prevent unauthorized access to your computer by securing your wireless connection.

Wireless networks use radio frequencies to transmit and receive data. This means that someone walking, driving, or flying by can easily tap into your unsecured wireless connection without your knowing it. In fact, armed with the right tools – and these are readily available -- some people virtually stalk areas for an open wireless access point (WAP).

Once someone else gains access to your connection, he or she is free to send messages (including spam) from your IP address or grab unencrypted information you transmit. Once thieves are into your network, they can access open shares as well. Gaining unauthorized access to wireless networks and transmissions is one of the ways thieves obtain the information needed for identity theft. Users that transmit over unsecured wireless networks make the university vulnerable to unauthorized access to campus e-mail and network accounts.

Laptop users should use all available security features and tools at their disposal to prevent unauthorized use of their computers. Some of these are listed below:

1. Disable your wireless card and WAP when not in use (offline).
   When you are not receiving or transmitting, it is safer to disable your wireless card and WAP thereby making access impossible to a would-be intruder.
2. Use the latest wireless security standard: WPA or WPA2.
   WPA stands for Wi-Fi Protected Access, the current official Institute of Electrical and Electronics Engineers (IEEE) standard. It is based upon the 802.11i security standard and is more secure than Wired Equivalent Privacy (WEP). If your wireless card is not WPA compatible, check with the vendor to see if it's upgradeable, or consider buying an external wireless card (PCMCIA or USB). (For more information on the benefits of WPA, read WPA Wireless Security for Home Networks by Barb Bowman, published July 28, 2003, Windows XP Expert Zone Community at http://www.microsoft.com/windowsxp/using/ networking/expert/bowman_03july28.mspx)
3. If you cannot use WPA, transmit data using WEP with a strong key.
   Avoid sending data in clear text (i.e., unencrypted). If you cannot use WPA, then enable 128-bit Wired Equivalent Privacy (WEP) with a strong key (i.e., difficult to guess; NOT a default or simple key) instead.  WEP can also refer to Wired Equivalent Protocol or Wireless Encryption Protocol. WEP encrypts transmissions between a wireless user and a WAP. Set the authentication to Shared Key Authentication. Remember to change your key regularly.
4. Always encrypt confidential or sensitive data that is stored on, or transmitted from, a wireless laptop.
   Select the following links for definitions of confidential, personal, and proprietary data. Contact your departmental ITC for encryption instructions.
5. Employ a personal firewall on your laptop.
6. Turn off file sharing.
7. Use SSL or SSH.
   For any transmission requiring a password, always use encryption like a secured sockets layer (SSL) or secure shell (SSH). Use these modes for any transmission. Heed all security warnings and make certain your browser verifies valid SSL certificates.
8. Use secure e-mail protocols.
   Use e-mail protocols that are SSL enabled.
9. Use MAC address control.
   Employ media access control (MAC) address control to ensure that the WAP only communicates with certain wireless devices (i.e., register the MAC address on your wireless card with the WAP, which should “talk” to only the cards registered to it). Using MAC address control is not a guarantee of full security because MAC addresses can be copied (i.e., “spoofed”). However, using MAC does make access by unauthorized persons more difficult.
10. Faculty and Staff: Use VPN to access campus resources.
    When remotely connecting to the campus, use a VPN connection to securely access campus resources. VPN software for faculty and staff is available for downloading at www.calstatela.edu/its/techsupport/vpn/.
11. Harden all your laptop’s security systems.
    Harden (strengthen) all security systems on your laptop (i.e., use strong passwords; authenticate access where possible; etc.).
12. Be cautious if using instant messaging (IM).
    Instant messages are generally transmitted as clear text making login scripts, passwords, credit card numbers, and other confidential information more accessible. 
13. Hide your SSID (prohibit SSID broadcast) and change the default WAP addresses.
    Change the default service set identifier (SSID), the wireless network name, to one that is difficult to guess. Prohibit the broadcast of the SSID so that it does not indicate its availability for use. If possible, change your WAP’s default channel addresses: set your WAP to receive, but not to broadcast.
14. Disable DHCP or change the default address range.
    Disable Dynamic Host Configuration Protocol (DHCP) so that the IP address would need to be configured manually on your laptop. Or, as an alternative, change the default DHCP address range.
15. Use a network router to close off access.
    Your network router can be set to block access. The router, or any access point, should require strong passwords in order to access administrative functions. Disallow wireless access to these administrative functions.

Other Laptop Security Tips

Select the links below for tips on securing your laptop computer.

1. Implement Security Measures on New or First-Issued Laptops
2. Safeguard Laptop Contents
3. Secure the Wireless Laptop Connection
4. Physically Safeguard the Laptop
5. Secure the Laptop When Traveling
6. Report Laptop Damage, Loss, Theft, and Security Breaches

For more information:

• Lost or Stolen Computer or Electronic Storage Device Report (selectn the Incident Response top on the ITS Forms web page)
• User Guidelines for Reporting a Lost or Stolen Computer or Electronic Storage Device on the Information Technology Guidelines and Policies web page

top

Footer