 |
 |
 | | |
|
Networking always presents the potential for security breaches within your network, and wireless environments present new challenges that wired environments have minimized. While a wired network has a finite number of entries into the network, a wireless access point provides service to any device within the technology's effective reach. With Bluetooth technology, you can limit physical proximity to prevent any stray access to devices on the corporate network. However, wireless technologies that provide long-range connectivity, such as 802.11b, present different security issues since they typically cannot be contained within the boundaries of the office space.
Start with your security policy
Larger corporations have security policies that cover access to the corporate network. These policies typically cover things such as dial-up access, Internet access, VPN tunneling, and local area network access through traditional wired entry points. However, wireless access to the corporate network may not be covered due to its recent arrival on the networking scene. Your company may need to amend its security policies to provide a clause controlling access by non-employees to an unsecured wireless printing zone.
However, policies aren't enough to secure your network. There are always those who will obey the rules, and those who won't. You'll want to take steps to make wireless access to your network very difficult for those who don't play by the rules. There are several ways of accomplishing this goal.
Secret ESSID/SSID identifiers
Wi-Fi 802.11 wireless networks require a service ID (ESSID/SSID) to gain access to the wireless network. It works something like a workgroup under Windows. When you try to access a wireless network, you need to have a specific service ID to participate in that network. While this sounds like a password, in reality it is more of a way to keep track of which access point a card should be using in cases where overlapping wireless access points exist. In fact, there are "snoop" programs that will listen for the SSID that is being used so someone can gain access with that ID to your wireless network. When you keep your ESSID/SSID identifiers secure (as best you can despite snoop programs) you can better control who has access to your network and keep unwanted visitors out.
MAC address filtering
Every wireless network card has a factory-assigned Media Access Control (MAC) number assigned to it. This MAC number, or address, is used by the card to announce itself to the network and to provide a way to get information to and from the card at the lowest levels of communications. Because every card has a unique MAC Address assigned to it, this address can be used to permit or deny users access to the wireless network or printing zone. To take advantage of MAC address security and add yet another layer of access control to your security, you'll need to configure each wireless access point to permit specific MAC addresses to access the network. By default, anyone not on that list will be denied entry to the network.
While this sounds like a fantastic way to manage access to the network, it can quickly become unmanageable. Companies with a handful of laptops, PDAs, or other wireless devices may be able to manage the list for a while, but eventually it will become difficult to keep track of which devices are legitimately allowed to access the network. With laptops that are stolen or cards that are lost, the potential for unauthorized access using just the MAC address becomes greater.
Tip: It pays to come up with an efficient and effective system for tracking your MAC addresses and their related devices. A simple spreadsheet or database is a good start, and will be easier to manage if you put it in place early.
Virtual Private Network (VPN)
A final method for protecting your network from unauthorized access is to create a virtual private network that utilizes IPSEC encryption to create a "tunnel" between a client and a network resource. This can be implemented to protect the data from prying eyes, but does not prevent access to the wireless network or wireless printing zone. If you have extremely sensitive data, you may want to choose this method of access to ensure that your data is secure as it is transmitted from a client laptop to a network server or printer.
Keep in mind, however, that limiting access control via ESSID/SSID identifiers and MAC addresses is just one facet of your total security system. In addition to controlling access, you want to be sure the information floating around your wireless networks is also encrypted.
Wired Equivalent Privacy (WEP) encryption
To combat the potential of someone either guessing or "snooping" the airwaves to find the SSID, as well as to protect data transmitted to and from wireless devices using 802.11, manufacturers have developed WEP encryption. By using either a 40-bit or 128-bit key (choose a longer key to provide better protection), devices connected to the wireless network encrypt data bi-directionally to provide a secure connection. Bluetooth also provides 128-bit security, which allows unknown devices to be blocked from the network. In both cases, the keys need to be known to the wireless devices that need to gain network access. This pre-configuration with a known key is necessary to protect the network. Of course, with every type of protection, it must be enabled before it can be effective. Just having the potential to encrypt the network traffic is not enough until you've actually implemented it.
Warning: A complete wireless security plan involves a combination of the solutions covered here. Learn more about your security options in the white paper linked at right.
Implementing a wireless printing zone using one or more wireless printing technologies can provide your company with more flexible access to printing resources, as well as greater efficiency. Employees will find many ways to use wireless printing within your organization once you begin rolling it out. However, do your homework up front with security and coverage planning. This will help make your project a success and your users more productive.
|
Rate this information |
|
| To download the latest Adobe® Reader®, please go to the Adobe website at http://www.adobe.com. Adobe and Reader are trademarks of Adobe Systems Incorporated. |
| |
|
Implementing wireless printing | |
|
Related links | |
|
Printable version
