I was interviewed this morning on the Loose Talk show on LMFM Radio to discuss the recent chargesagainst eleven individuals for hacking into TJX’s networks and stealing over 40 million credit card details. The focus of the chat was on wireless networking and why it is so important to ensure it is set up securely.
A lesson learnt by this poor gentleman in India who first knew his wireless network was insecure when police raided his house and arrested him on suspicion of being a terrorist involved in the recent Mumbai bombings. Apparently the terrorists had used his open wireless network from which to send an email claiming responsibility for the attack.
The biggest mistakes we see when analysing companies wireless networks;
- Have Wireless enabled by default without knowing it.
- Do not have security enabled on the Wireless Access Point enabling anyone to connect to the network.
- Implementing weak encryption settings such as WEP to secure the wireless network.
- Not segmenting the wireless network from the core network using a firewall.
- Not employing VPN technology to secure access over the Wireless network.
- Not monitoring network traffic to spot suspicious activity.
- Not monitoring the network to detect unauthorised Wireless Access Points
- No security set up on the wireless clients to ensure they only connect to authorised networks.
Wireless technology is very useful and beneficial but you should ensure that you deploy it correctly and securely.