Posts Tagged ‘Wi-Fi’

This is Part Two of our February Feature of the Month series. Last week, we honored the all-new Access Point Name (APN) feature in NCP’s entry and enterprise IPsec VPN clients.

Enterprises today are facing significant challenges related to remote computing due to their increasingly fragmented geographies. For instance, companies are not only contending with how to enable automated roaming between their solutions on premises and remote hotspots, but they are also responsible for making sure this seamless roaming is secure for employees working off-site.

To meet these industry needs, NCP engineering has enhanced its client suite to support integrated 3G cards, which ensure secure network connections for mobile workers when used in conjunction with the NCP Secure Enterprise VPN Server. NCP has combined 3G / 4G and VPN connection setup into a single, graphical user interface, simplifying the installation and deployment processes for both IT personnel and individual users.

Additionally, the NCP Secure Enterprise Client allows devices to automatically transition between a variety of communication mediums, including Wi-Fi, xDSL, LAN, ISDN and WWAN, making it easy for users to connect to their corporate networks from any location. Since the solution dynamically redirects the VPN tunnel without disrupting mobile computing sessions, employees are guaranteed uninterrupted connections to their networks.

Beyond that, for enhanced protection, the solution automatically recognizes secure and insecure networks to connect to while users are roaming. With its Friendly Net Detection feature, the IPsec VPN client then activates the appropriate firewall and security policies without the end user needing to lift a finger.

Want to learn more about the NCP Secure Enterprise Client’s integrated support of 3G / LTE cards? Additional information can be found here. 

Not so long ago, business travelers could only access the Internet through a telephone line and a notebook modem in a hotel. Today, Internet access has become not only ubiquitous, but also fast and largely reliable.  The vast majority of hotels provide Wi-Fi or LAN connections for guests to connect their notebooks, tablet PCs or smartphones and log onto their corporate network.

Unfortunately, too many hotels operate under the misconception that everyone uses SSL VPNs to remotely connect to their corporate networks. The reality is, however, a large number of companies prefer IPsec VPNs but many hotels block these connections. In fact, there are two network components frequently cause this trouble in hotels – the firewall or the proxy server. And this is not just annoying for guests, but it’s bad for the hotel’s business. What hotel wants to be tarred with a reputation for being unaccommodating to the needs of business travelers?

It is not just hotels that struggle with such problems regarding IPsec connections. Each sales employee who has tried to logon to a guest Wi-Fi network at a customer’s site has likely faced similar issues. Not only do many firewalls block IPsec connections, but so do several radio communication networks.

Now that we’ve identified the problem with securing remote access in hotels and other remote sites, what will it take for guests to easily and securely access their company network, despite firewall and proxy server issues? Tune in next time for part two —  the solution.

By Sylvia Rosen

Imagine, you’re at the train station on your way to an important meeting. While you’re waiting, you’re drafting an urgent email. Just before you hit the send button, your wireless connection is lost – and with it, you lose your VPN connection and the link to your office email. Frustrated, you log back in, crossing your fingers that your email saved. Of course, it didn’t. Twenty minutes – and lots of good ideas — down the drain.

Sound familiar? Too many VPN solutions aren’t enabled to handle connection outages or changes, resulting in wasted productivity, and even worse, lost data.  This hassle is eliminated with VPNs that support roaming among different types of networks — allowing users to focus on business instead of worrying about their connection. VPNs with seamless roaming automatically switch to the best available network and ensure that users never have to re-authenticate.

Seamless Roaming

Seamless roaming enables smooth transitions between networks, making it ideal for traveling professionals who are always on the go. VPNs that enable seamless roaming secure your data, even in the event of a wireless outage or switching between networks, like Wi-Fi and 3G.

“If all your traffic goes to the VPN while you are connected to it, then everything is secure; nobody can really attack your machine,” explains Rainer Enders, the CTO Americas for NCP engineering. “When the VPN drops, you go back to regular ‘connecting mode’ through the Internet. If your VPN doesn’t enable seamless roaming, you now have a connecting path that is an insecure tunnel, which is why your connection to your corporate server will likely give way.”

Seamless roaming VPN, however, changes this. With seamless roaming, IT administrators can now ensure that each piece of equipment can connect securely and stay connected securely. Stay tuned for more on this.

Sylvia Rosen writes articles on a variety of telecom topics, including VoIP Phone Systems and Call Center Services.

By Jeff Orloff

Mobile computing is quickly becoming the cornerstone of education in America. Whether schools are purchasing mobile devices for students or they are adopting a BYOD (bring your own device) policy, students who are not incorporating smart phones, iPod touch devices, tablets or laptops into their learning are rapidly finding themselves on the wrong side of a new digital divide.

But of course, to take full advantage of mobile computing in the classroom, you need a connection to the Internet, and for a mobile device, this means a connection via Wi-Fi. This can pose some security risks, especially for schools. When it comes to security, Wi-Fi can quickly turn from a perfect solution to a perfect nightmare because of any number of the following security concerns. Here are the most common security issues and how to solve them.

Rogue Access Points

This threat takes place when the attacker sets up a fake access point that tricks users into connecting to it, rather than through a legitimate connection. Whether it’s a student or teacher connecting, the traffic can be sniffed for any information that passes through the rogue point, compromising confidential information or user credentials.

Additionally, rogue access points cause service degradation in the TTL value in all packets that traverse through it. And if configured to do so, rogue access points can assign IP addresses to wireless devices instead of the school’s DHCP server, causing a loss of service. This is usually one of the first indications that there is a rogue access point on your network.

Once a rogue access point has been identified, locating and removing it is the next step. However, since most rogue access points are hidden, finding the physical device can be difficult.

One of the best methods for locating these devices on your campus is called the convergence method. This requires a WLAN radio card with an omnidirectional antenna (which is what most notebook computers use) and software that will measure signal strength or a specialized hardware RF signal strength meter. Once the signal from the rogue device is picked up, you play a high tech version of hot and cold as the signal strength will increase as you get closer to the access point. The search should be done by segmenting the area into four quadrants. Once the signal is found, the quadrant it is located in should be segmented again, and so on until the device is found.

Multiple Wi-Fi Networks

In many districts, two or more networks are set up. One network is typically for internal employee use and a second network that has been configured for public or even student use. Connecting to the wrong network can mean the difference between sending encrypted data and data in plain text. Without encryption, sensitive student information and employee information, can be easily captured via a traffic sniffer or man in the middle attack.

Even layer two and layer three encryption are often insufficient for sensitive information, so most wireless LANs require application level encryption, as well, to prevent confidential information from being compromised.

To avoid problems associated with multiple networks, users (especially those who deal with confidential data) should be trained to connect to the proper network. Further encryption of confidential data on the clients can be done using software to encrypt the file system and data transmitted via Wi-Fi.

Wi-Fi Configuration

Typically, bigger school districts can employ a large team of IT professionals. Some may specialize in networking, others in server technologies, and others are hired for their expertise in security. For these larger districts, failing to properly configure a Wi-Fi device is less likely.

However there are smaller school districts across the country whose IT budgets don’t allow for the hiring of such personnel. In these instances, it’s likely the IT staff may consist of only a few, or maybe even one person. Having to take on multiple roles can easily lead to a person not knowing enough about wireless security to adequately protect the devices or simply not having the time to do so. When that’s the case, at a minimum, all access points should be configured by:

  • Setting WPA2 encryption on all access points
  • Changing the SSID on all access points
  • Changing the pre-set password on the access points

Further steps to configure your Wi-Fi network can be taken by turning off identifier broadcasting and allowing only legitimate devices to connect via MAC address filtering.

The truth is, most schools are already using Wi-Fi to some extent. However the implementation of more wireless devices is only set to expand as districts evaluate digital textbooks and handheld learning simulation software. The question is, will they be ready to handle the security when the time comes?