A best practice guide for information technology: 12 essential rules for securing your digital equipment.

(Translated from: Guide des Bonnes Pratiques de l’informatique. 12 règles essentielles pour sécuriser vos équipements numériques.)

(www.ssi.gouv.fr/uploads/2015/03/guide_cgpme_bonnes_pratiques.pdf). Version 1.1.1 – Janvier 2017 20170111-1014. Licence Ouverte/Open Licence (Etalab – V1). Agence Nationale de la Sécurité des Systèmes d’information. ANSSI – 51, boulevard de la Tour-Maubourg – 75700 PARIS 07 SP.

By Edward Eggleston

 


(part 3)

5. Secure the Wi-Fi access for your organization

The wireless access point for Julie’s business was configured with WEP encryption. Without Julie’s knowledge, a neighbor used software to decipher her (wireless) encryption key in less than two minutes. He then used her wireless access point to participate in an attack on a government Internet site. Because of this, Julie became a suspect in the police investigation.

The use of WiFi is an attractive alternative. Yet one must remember that poorly secured WiFi can allow others to intercept your data and use your connection, without your knowing, to carry out hostile or illegal activities. These reasons make WiFi access questionable in a business setting: a wired network is still more secure and offers better performance.

In some situations, WiFi is the only Internet access available. Situations like this require a securely configured access point. The following points should be considered.

a) Do not hesitate to get technical help from your service provider. Internet service providers can guide you through the steps for proper configuration, during which you can apply these security recommendations:

1. When you make your first connection from computer to access point (WiFi), open your browser to configure this equipment. The configuration interface should appear with opening the browser. Use this interface to modify the connection identifier and default password you were given by the service provider.

2. Use the same configuration interface to verify that WPA2 encryption is available. Activate this protocol. If it is not available, use WPA-AES (never use WEP encryption, which can be broken in minutes).

3. Modify the default connection key (which is often displayed as a label on the access point). This key (password) should have more than 12 characters, and use different character types. (See the first section of this guide concerning robust passwords.)

4. Only give this connection key to trusted third parties. The key should be changed regularly.

5. Activate firewall functions.

6. Turn off your access point when it is not in use.

b) Do not use “public” WiFi (networks offered in train stations, airports, or hotels) for security and confidentiality reasons.

c) Make sure your computer is well protected with antivirus software and a firewall. (See also no. 7: Protect your data when traveling.) If using public WiFi is the only available option (when traveling for example), personal or confidential (especially financial) data transfer must be avoided. Finally, letting clients, suppliers, or other third parties connect to your (WiFi or wired) network is not recommended.

d) The preferred way to offer third party WiFi access is through a separate or dedicated access point, if this must be done. Never share your connection.

6. Be as careful (prudent) with smart phones or tablets as you are with (other) computers

Arthur used his smart phone for professional and personal activities. While installing an app, he did not block access for it to his personal data. This gave the app’s programmer access to all of the SMS data on his phone.

Although offering many innovative services, smart phones today are not very secure. This makes applying certain elementary IT security rules necessary:

a) Only install necessary apps, and know what data they can access before downloading them (location information, contacts, phone call records…). Some apps request access to data not needed for their functions, and should not be installed.

b) In addition to the PIN for your phone card, use a lock pattern or password to secure your phone and configure it for an automatic lock screen.

c) Make regular backups of your data on an external storage system. This provides data access if the device is reset to its original state.

d) Do not store passwords (on your device). (See part 1 from this series.)