|
|
|
|
|
Securing wireless networks
Basic checklist
- Segregate Wireless Access
Don't connect your wireless networks to the networks that contain
your crucial data. Instead, segregate your wireless connection and make
it available for Internet access only if possible. This setup will let
employees access Internet services such as Web, email, VPN, Microsoft
Outlook Web Access (OWA), and other similar corporate services.
- Use Encryption (WPA or WEP)
The primary security model that Wi-Fi networks employ is called Wired Equivalent Privacy (WEP). Basically, WEP is a set of algorithms that provide authentication and
data-encryption services in 40-bit and 128-bit variants. Unfortunately,
attackers have already broken WEP. If your network devices support a stronger encryption like WPA, choose that instead of WEP.
- Turn Off Wireless Network Broadcasting
By default, wireless APs broadcast their names, or Service Set
Identifiers (SSIDs), so that wireless-enabled clients can more easily
identify the names and access them seamlessly. Modern OSs such as XP
rely on this feature to provide users with the simplest possible
wireless functionality. Turn it off. A network broadcast is an easy way
for intruders to discover a way in to your network or steal your
precious bandwidth. You'll have to manually configure clients to access
specific broadcasts, but the benefits outweigh the effort.
- Require Specific MAC Addresses
Rather than let any wireless client access your wireless network, set
up your wireless APs to work only with specific wireless clients.
Configure this limited access by hard-coding the MAC address of each
wireless network adapter you provide to users into an access list in the
AP's configuration console. Again, manually configuring this access
could be painful in large enterprises, but you don't want outsiders
accessing your network, right?
Tools
More info
| Published: 7/02/2002 | Document Type: General |
| Last modified: 26/05/2008 | Target: Administrator |
| Visibility: Public | Language: English |
[top]
|
