CWNP Wireless Certification & Wireless Training

Your Account |

Search:

Free Stuff

Home Wireless Security

Add to:

Written by Devin Akin

Thursday, 07 February 2008

Cisco just released an article talking about how greater diligence is needed toward home Wi-Fi security.

http://www.marketwire.com/mw/release.do?id=817510

No doubt about it - they're right. So what is the market supposed to do? We have Wi-Fi Protected Setup (WPS) that dumbs Wi-Fi security down to a point where any chimpanzee could configure it. In my humble opinion, configuring WPA2-Personal with a strong passphrase is almost that easy as well when you're dealing with a SOHO class AP or WLAN router. I'm not sure it can get any easier from a technical standpoint. Hey, wait, I've got an idea - EDUCATION!

That's right, the answer to this problem is education. While some technical options exist to help this situation, like the Remote AP (RAP) offered by Cisco, Aruba, and several others, often this option isn't available.

Organizations should REQUIRE that telecommuters be educated on the proper use and security of the AP (or whatever Wi-Fi system) and the client devices that will be deployed in the home. Typically those devices are SOHO-class, and the user interface is very simple. This type of education would likely be 4-8 hours in length and cover the basics of logging into the interface, configuring the WLAN (channel, power, SSID), and configuring WLAN security (e.g. WPA2-Personal). It would also be beneficial to cover use of WPS with PINs and the like.

It's my perspective that the fault currently lies with the organization implementing Wi-Fi technology. They either don't know that they should educate their workforce or they refuse to do so. Either way, the ball is being dropped and security suffers. Just my $0.02 on the matter. :)

Comments (2) Add Comment

Subscribe to this comment's feed

...
written by Tom Carpenter, February 07, 2008

I would add that vendors, in the cases where home and SOHO entities are implementing WLANs without a governing enterprise over them, are to blame. Their documentation rarely emphasizes the need for security and, when you think about it, that makes sense from a marketing perspective. Why emphsize something that will make users agraid of the technology? Have the vendors sold out what the know - we need to secure these networks or else they are very dangerous to our privacy and data - for the big dollar? Couldn't be...

...and now we're up to a nickel, because that was my $0.03 on the matter.

BTW - I know Cisco's article doesn't cover these users, but I couldn't help myself.

...
written by Nick, February 26, 2008

Ok, both good points - but I'm going to have to add another couple of cents to the pile.
If anyone in this country (at least) is unaware of the need to properly secure their wireless equipment in 2008, then I think they are simply choosing to be an ostrich. Stories abound for the need to do so. That said, what excuse does a SOHO user, a small business owner, or anyone for that matter, have when deciding not to properly secure their WLAN?
The TV and newspapers have alerted all of us to the need for security, the web is full of resources (many "user" digestible), and vendors are making it easy to implement strong security.
So, perhaps the users themselves need to shoulder a large part of the responsibility for learning (self-education) to use the technology they purchase (or accept from their employer) properly?
From a vendor/sales/technology perspective most wireless products are at a point where personal responsibility is expected. Read the manual, Google for 15-30 minutes, maybe even post a question or two - then set up the AP.
We have the proper tools to secure wireless reasonably well at this point - period. If we (users) fail to use them how is that anyone else's fault?

Write comment