Health Information Management

Are wireless local area networks really that insecure?

HIPAA Weekly Advisor, August 8, 2003


Q: Are wireless local area networks really that insecure?

A: In a nutshell, wireless local area networks (WLANs) aren't really any less secure than wired networks. They each have their weaknesses. As with other types of information systems, the security weakness lies in the management of WLANs. It is understood that when WLAN devices - access points (APs), network cards, etc. - are used with factory default settings, networks and information can be put at risk. Given this, some common sense and a few system-hardening best practices can help you achieve what can be considered reasonable WLAN security.

It is critical to secure the wireless backbone components, such as APs, bridges, hubs, and switches. However, there are many other components - and entry points into WLANs - that need to be considered when assessing security. Your WLAN will only be as secure as the weakest link in the overall infrastructure. You can have the most secure WLAN backbone in the world, but all it takes to expose your systems is something as simple as an exposed antenna or an insecure wireless workstation. The best answer to the above question is to give equal importance to every component in the wireless network, including workstation operating systems, wireless cards, APs, wireless bridges, antennas, hubs, switches, and any routers or firewalls on the WLAN segment.

In no particular order, you should at least do the following to secure your APs (if your system will let you):

  • Change the default password to a very strong password
  • Rename the administrator account
  • Change the Web-based management port number
  • Only allow Web-based management from the internal network, and preferably only via an encrypted link (virtual private network [VPN], secure shell, etc.)
  • Enable strong administrator authentication
  • Test and apply the latest firmware patches on an ongoing basis
  • Enable - but don't completely rely on - wired equivalent privacy (WEP)
  • Change your WEP keys often
  • Disable WEP and enable the authentication and key management features built into Wi-Fi Protected Access and/or 802.11i as they become available from your equipment manufacturer
  • Enable - but don't completely rely on - media access control address access control
  • Change your default service set ID
  • Disable simple network management protocol if it's not needed, or at least change the default community string
  • Consider what might happen when power fails (Is it possible for you to lose your AP configuration?)
  • Terminate APs outside of the firewall
  • Segment internal network segments away from WLAN with a firewall, since an AP behind a firewall can possibly render this protective barrier useless

    Editor's note: Answered by Kevin Beaver, CISSP, founder and president of Atlanta-based information security consulting firm Principle Logic, LLC, and excerpted from the August 2003 issue of Healthcare Information Security.
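The AP checklist above can be turned into a repeatable configuration check. The following is an added example, not part of the original article: every settings key, the list of default SSIDs, the 10.0.0.0/8 internal range, and the 30-day key-age threshold are assumptions chosen for illustration, and missing settings are treated as findings.

```python
import ipaddress

# Sample values only; extend with the factory defaults of your own equipment.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "tsunami", "wireless"}
DEFAULT_COMMUNITIES = {"public", "private"}
DEFAULT_ADMINS = {"admin", "administrator", "root"}

def audit_ap(cfg, internal_net="10.0.0.0/8", max_key_age_days=30):
    """Return sorted finding codes for one AP. All cfg keys are hypothetical."""
    f = []
    if cfg.get("admin_user", "admin").lower() in DEFAULT_ADMINS:
        f.append("ADMIN_NOT_RENAMED")
    if cfg.get("mgmt_port", 80) in (80, 443):
        f.append("DEFAULT_MGMT_PORT")
    inside = ipaddress.ip_network(internal_net)
    sources = cfg.get("mgmt_allowed_from", ["0.0.0.0/0"])
    if not all(ipaddress.ip_network(s).subnet_of(inside) for s in sources):
        f.append("MGMT_EXPOSED")
    if not cfg.get("mgmt_encrypted", False):
        f.append("MGMT_CLEARTEXT")
    if cfg.get("ssid", "default").lower() in DEFAULT_SSIDS:
        f.append("DEFAULT_SSID")
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        f.append("NO_ENCRYPTION")
    elif enc == "wep":
        f.append("WEP_ONLY")  # enabled, but not to be relied on alone
        if cfg.get("key_age_days", max_key_age_days + 1) > max_key_age_days:
            f.append("STALE_WEP_KEY")
    community = cfg.get("snmp_community", "public").lower()
    if cfg.get("snmp_enabled", True) and community in DEFAULT_COMMUNITIES:
        f.append("DEFAULT_SNMP_COMMUNITY")
    if not cfg.get("mac_filter", False):
        f.append("NO_MAC_FILTER")
    if cfg.get("inside_firewall", True):
        f.append("AP_INSIDE_FIREWALL")
    return sorted(f)

# Constructed settings, not taken from any real device.
FACTORY = {"admin_user": "admin", "mgmt_port": 80, "ssid": "linksys",
           "encryption": "none", "snmp_community": "public"}
HARDENED = {"admin_user": "wlan-ops", "mgmt_port": 8443,
            "mgmt_allowed_from": ["10.20.0.0/24"], "mgmt_encrypted": True,
            "ssid": "clinic-7f", "encryption": "wpa", "snmp_enabled": False,
            "mac_filter": True, "inside_firewall": False}

if __name__ == "__main__":
    print("factory: ", audit_ap(FACTORY))
    print("hardened:", audit_ap(HARDENED))
```

Items such as password strength, firmware currency, and behavior after a power failure cannot be read from a settings export and still need manual review.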
