Implementing wireless printing : security issues

Larger corporations have security policies that cover access to the corporate network. These policies typically cover things such as dial-up access, Internet access, VPN tunneling, and local area network access through traditional wired entry points. However, wireless access to the corporate network may not be covered due to its recent arrival on the networking scene. Your company may need to amend its security policies to provide a clause controlling access by non-employees to an unsecured wireless printing zone.

However, policies aren't enough to secure your network. There are always those who will obey the rules, and those who won't. You'll want to take steps to make wireless access to your network very difficult for those who don't play by the rules. There are several ways of accomplishing this goal.

Every wireless network card has a factory-assigned Media Access Control (MAC) number assigned to it. This MAC number, or address, is used by the card to announce itself to the network and to provide a way to get information to and from the card at the lowest levels of communications. Because every card has a unique MAC Address assigned to it, this address can be used to permit or deny users access to the wireless network or printing zone. To take advantage of MAC address security and add yet another layer of access control to your security, you'll need to configure each wireless access point to permit specific MAC addresses to access the network. By default, anyone not on that list will be denied entry to the network.

While this sounds like a fantastic way to manage access to the network, it can quickly become unmanageable. Companies with a handful of laptops, PDAs, or other wireless devices may be able to manage the list for a while, but eventually it will become difficult to keep track of which devices are legitimately allowed to access the network. With laptops that are stolen or cards that are lost, the potential for unauthorized access using just the MAC Address becomes greater.

Tip: It pays to come up with an efficient and effective system for tracking your MAC addresses and their related devices. A simple spreadsheet or database is a good start, and will be easier to manage if you put it in place early.

A final method for protecting your network from unauthorized access is to create a virtual private network that utilizes IPSEC encryption to create a "tunnel" between a client and a network resource. This can be implemented to protect the data from prying eyes, but does not prevent access to the wireless network or wireless printing zone. If you have extremely sensitive data, you may want to choose this method of access to ensure that your data is secure as it is transmitted from a client laptop to a network server or printer.

Keep in mind, however, that limiting access control via ESSID/SSID identifiers and MAC addresses is just one facet of your total security system. In addition to controlling access, you want to be sure the information floating around your wireless networks is also encrypted.

To combat the potential of someone either guessing or "snooping" the airwaves to find the SSID, as well as to protect data transmitted to and from wireless devices using 802.11b, manufacturers have developed WEP encryption. By using either a 40-bit or 128-bit key (choose a longer key to provide better protection), devices connected to the wireless network encrypt data bi-directionally to provide a secure connection. Bluetooth also provides 128-bit security, which allows unknown devices to be blocked from the network. In both cases, the keys need to be known to the wireless devices that need to gain network access. This pre-configuration with a known key is necessary to protect the network. Of course, with every type of protection, it must be enabled before it can be effective. Just having the potential to encrypt the network traffic is not enough until you've actually implemented it.

Warning: A complete wireless security plan involves a combination of the solutions covered here. Learn more about your security options in the white paper linked at right.

Implementing a wireless printing zone using one or more wireless printing technologies can provide your company with more flexible access to printing resources, as well as greater efficiency. Employees will find many ways to use wireless printing within your organization once you begin rolling it out. However, do your homework up front with security and coverage planning. This will help make your project a success and your users more productive.

How-to guides