The business risks of home WiFi networks

WiFi risksWith more employees connecting to the office from their home PCs, the risks of infection and unauthorised access have increased significantly. David Hobson of Global Secure Systems (GSS) explains how to minimise those risks.


Not so long ago, anyone wanting to work from home would only be allowed to do so using a company PC and a router hardwired into a secure virtual private network (VPN) that encrypted data between the home user and the office network.

Continued...

» Register now

The full article is available to registered AccountingWEB members only. To read the rest of this article you’ll need to login or register.

Registration is FREE and allows you to view all content, ask questions, comment and much more.

Comments

What about 3rd party remote access services

AnonymousUser | | Permalink

I see the comments about vpn and mac addresses.

Does the use of a service such as logmein or gotomypc address these issues?

These make a big deal about their security.

I presume also that all of this is moot if there are keyloggers etc on your machine anyway.

So the first line must be the device itself - whether it is a work machine or home or other machine.

Forget WiFi, the internet is dangerous...

hughk | | Permalink

There are many rumours about the perils of open home WiFi that are mostly being spread by ISPs who don't want access being shared. If you have no home server and a flatrate connection, there is no real win about using secure WiFi.

MAC (adapter address) restriction doesn't really work. There are utilities that will change your MAC address. WEP is totally broken and takes minutes to crack leaving WPA2 with a long, random key as the only option. WPA with a short word-based key can be broken in less than an hour or so.

However, if you are connecting from home to a corporate intranet, all of this is inadequate because somebody on the internet can claim to be say xyz.com for long enough to capture traffic.

The answer is end to end encryption. For connection to a corporate intranet use VPN. This constructs a private network over a public connection that will go from your laptop all the way to the server. If implemented properly, it is difficult to compromise. The same goes for access to web based services via https/SSL such as internet banking.

So in short, *however* you access the Internet, any connection to your corp intranet must be via VPN or if just to web based services, https. If these services are compromised, say by a virus then the security may not be worth anything. Work laptops to be used on the road should be heavily locked down and then they will remain secure.

MAC address restrictions

AnonymousUser | | Permalink

How would one go about restricting MAC addresses Marc?

Mac restriction

stevebaker22 | | Permalink

This is the only way to stop unauthorised access. A friend of mine spent a couple of hours at my brothers new flat and showed him he could use his neighbours internet for free whilst waiting for BT to install his.
Not sure how he did it but it took two hours and my laptop. Opened my eyes to how sensitive data could be changed on a network

marcspillman's picture

Consider MAC address restrictions?

marcspillman | | Permalink

I find MAC address restricting is the best form of security for a wireless network (certainly on a home network). Wi-Fi users can see the network, but can never successfully connect unless they are on your approved MAC address list.

Making any network a secure, trusted network

StefC | | Permalink

A great article, and valuable heads-up of security exposure, thank you David.

For people with concerns about securing data and devices across any network type, readers may want to look at the link below to see how enterprise and UK government customers are keeping control over secure transmission over untrusted networks. As a software-only product, it is free to download at evaluate for up to 100 users for a month (and they will come and help you install it at no cost :).

If this sounds useful, have a look at http://netmotionwireless.com/industries/enterprise.aspx

Cheers
Stef