Security in wireless local area networks - PTS-ER-2007:16
15/06/2007
Vulnerabilities in wireless local area networks mainly include eavesdropping, unauthorised access to the network and interference. These vulnerabilities arise since data in wireless local area networks is transmitted by means of radio waves, which can be intercepted, and the information is often sent as cleartext, that is, without encryption. In public wireless networks, data is usually not encrypted, and in private wireless networks, this usually takes place when users activate encryption.
Users have a low level of security awareness, but this has increased somewhat for private wireless networks. There is a lack of information as regards the security level of public wireless networks. Security issues have had little impact on market developments pertaining to public wireless networks. There is a trend toward more wireless local area networks and products that support this technology.
The National Post and Telecom Agency (PTS) has drawn up advice to increase the level of security for users of wireless local area networks.
Advice when using private wireless networks includes:
• disconnecting the network when it is not in use
• changing the preset user name and password in new equipment for administration of the network
• changing the name of the network and disconnecting automatic broadcasting of the name
• activating the most secure level of encryption permitted by the equipment
• deciding which computers should have access to the network
• using manual (statically) allocated IP addresses so that adjacent computers cannot connect to your network
• reducing coverage of the network
• changing channels from the basic configuration of new equipment
Advice when using public wireless networks includes:
• assuming that all communication is unprotected and using a secure connection when dealing with sensitive information
• ensuring that you are not unwittingly communicating with the outside world
• being aware of any false access points and social factors
It is generally recommended when using the Internet to have an up-to-date firewall, antivirus program and operating system as well as strong passwords. PTS considers that providers of public wireless networks must provide information about the level of security of the network and give recommendations to users. Users should demand security to a greater extent. Suppliers of equipment for wireless networks should facilitate security measures through better configurations in new equipment. PTS will continue to provide information about security in local wireless networks.