The business risks of home WiFi networks

Share this content
6

With more employees connecting to the office from their home PCs, the risks of infection and unauthorised access have increased significantly. David Hobson of Global Secure Systems (GSS) explains how to minimise those risks.

Not so long ago, anyone wanting to work from home would only be allowed to do so using a company PC and a router hardwired into a secure virtual private network (VPN) that encrypted data between the home user and the office network.

We are seeing a drift away from this situation, with many organisations allowing much freer access to their internal networks from home-based computers. This scenario presents a new set of security challenges, particularly when employees are running home wirel...

Please Login or Register to read the full article

Replies

Please login or register to join the discussion.

avatar
15th May 2009 11:43

What about 3rd party remote access services
I see the comments about vpn and mac addresses.

Does the use of a service such as logmein or gotomypc address these issues?

These make a big deal about their security.

I presume also that all of this is moot if there are keyloggers etc on your machine anyway.

So the first line must be the device itself - whether it is a work machine or home or other machine.

Thanks (0)
avatar
By hughk
07th May 2009 13:03

Forget WiFi, the internet is dangerous...
There are many rumours about the perils of open home WiFi that are mostly being spread by ISPs who don't want access being shared. If you have no home server and a flatrate connection, there is no real win about using secure WiFi.

MAC (adapter address) restriction doesn't really work. There are utilities that will change your MAC address. WEP is totally broken and takes minutes to crack leaving WPA2 with a long, random key as the only option. WPA with a short word-based key can be broken in less than an hour or so.

However, if you are connecting from home to a corporate intranet, all of this is inadequate because somebody on the internet can claim to be say xyz.com for long enough to capture traffic.

The answer is end to end encryption. For connection to a corporate intranet use VPN. This constructs a private network over a public connection that will go from your laptop all the way to the server. If implemented properly, it is difficult to compromise. The same goes for access to web based services via https/SSL such as internet banking.

So in short, *however* you access the Internet, any connection to your corp intranet must be via VPN or if just to web based services, https. If these services are compromised, say by a virus then the security may not be worth anything. Work laptops to be used on the road should be heavily locked down and then they will remain secure.

Thanks (0)
avatar
07th May 2009 11:28

MAC address restrictions
How would one go about restricting MAC addresses Marc?

Thanks (0)
avatar
07th May 2009 11:27

Mac restriction
This is the only way to stop unauthorised access. A friend of mine spent a couple of hours at my brothers new flat and showed him he could use his neighbours internet for free whilst waiting for BT to install his.
Not sure how he did it but it took two hours and my laptop. Opened my eyes to how sensitive data could be changed on a network

Thanks (0)
avatar
07th May 2009 11:09

Consider MAC address restrictions?
I find MAC address restricting is the best form of security for a wireless network (certainly on a home network). Wi-Fi users can see the network, but can never successfully connect unless they are on your approved MAC address list.

Thanks (0)
avatar
By StefC
06th May 2009 08:12

Making any network a secure, trusted network
A great article, and valuable heads-up of security exposure, thank you David.

For people with concerns about securing data and devices across any network type, readers may want to look at the link below to see how enterprise and UK government customers are keeping control over secure transmission over untrusted networks. As a software-only product, it is free to download at evaluate for up to 100 users for a month (and they will come and help you install it at no cost :).

If this sounds useful, have a look at http://netmotionwireless.com/industries/enterprise.aspx

Cheers
Stef

Thanks (0)