SearchSecurity.com
This article appears courtesy of TechProGuild, TechRepublic’s premium service dedicated to providing network administrators and support professionals with proven, real-world solutions.
Implementing a wireless networking system can result in serious security problems if the system is not properly secured. This is true of a wireless network deployed at home or one deployed in the office. In fact, some residential Internet service providers have clauses in their agreements that indicate that service is not to be shared with people outside of those covered by the agreement. If you deploy an insecure wireless network, it could result in a loss of service, or in the use of your network as a launching pad for attacks against other networks. To help you close these security holes, here are six quick wireless networking tips.
Why do I want to close the loop?
The point of properly securing a wireless access point is to close off the network from
outsiders who do not have authorization to use your services. A properly secured access
point is said to be "closed" to outsiders. A wireless network is more difficult to secure
than a typical wired network due to its nature. A wired network has a limited number of
fixed physical points of access while a wireless network can be used at any point within
the range of the antennas.
Plan antenna placement
The first step in implementing a closed wireless access point is to place the access
point's antenna so that as little signal as possible reaches areas outside
the coverage area. Don't place the antenna near a window, as the glass does not block the
signal. Ideally, your antenna will be placed in the center of the area you want covered
with as little signal leaking outside the walls as possible. Of course, it's next to
impossible to completely control this, so other measures need to be taken as well.
Use WEP
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a
wireless network. While it has major weaknesses, it is useful in deterring casual
hackers. Many wireless access point vendors ship their units with WEP disabled in order
to make the product installation easier. This practice gives hackers immediate access to
the traffic on a wireless network as soon as it goes into production since the data is
directly readable with a wireless sniffer.
Change the SSID and disable its broadcast
The Service Set Identifier (SSID) is the identification string that the wireless
access point uses and that clients supply to initiate connections. This identifier is set by
the manufacturer and each one uses a default phrase, such as "101" for 3Com devices.
Hackers who know these pass phrases can easily make unauthorized use of your wireless
services. For each wireless access point you deploy, choose a unique and
difficult-to-guess SSID, and, if possible, suppress the broadcast of this identifier
over the antenna so that your network is not advertised for use. It will still be usable,
but it won't show up in a list of available networks.
Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it
makes sense. With this step, hackers would be forced to decipher your IP address, subnet
mask, and other required TCP/IP parameters. If a hacker is able to make use of your
access point for whatever reason, he or she will still need to figure out your IP
addressing as well.
Disable or modify SNMP settings
If your access point supports SNMP, either disable it or change both the public and
private community strings. If you don't take this step, hackers can use SNMP to gain
important information about your network.
Use access lists
To further lock down your wireless network, implement an access list, if possible. Not
all wireless access points support this feature, but if yours does, it will allow you to
specify exactly what machines are allowed to connect to your access point. The access
points that support this feature can sometimes use Trivial File Transfer Protocol (TFTP)
to periodically download updated lists in order to prevent the administrative nightmare
of having to sync these lists on every unit.
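
The six tips above, expressed as an audit over an exported access point configuration. This is an added example, not code from the original article; the configuration key names, finding labels and sample data are constructed, and it assumes access-list entries are MAC addresses, which the article does not specify.

```python
import re

# Hypothetical config keys; map them to whatever your access point exports.
DEFAULT_SSIDS = {"", "101"}  # unset, or the 3Com default the article names
DEFAULT_COMMUNITIES = {"public", "private"}

def norm_mac(entry):
    """Normalize an access-list entry (assumed here to be a MAC address)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", entry).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {entry!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_ap(cfg, master_acl):
    """Return findings for one AP; a missing setting counts as insecure."""
    findings = []
    if not cfg.get("wep_enabled", False):
        findings.append("wep-disabled")
    if cfg.get("ssid", "") in DEFAULT_SSIDS:
        findings.append("ssid-default")
    if cfg.get("ssid_broadcast", True):
        findings.append("ssid-broadcast")
    if cfg.get("dhcp_enabled", True):
        findings.append("dhcp-enabled")
    snmp = cfg.get("snmp", {})
    if snmp.get("enabled", True):
        # SNMP may stay on only if both community strings were changed.
        for key in ("read_community", "write_community"):
            if snmp.get(key, "public").lower() in DEFAULT_COMMUNITIES:
                findings.append(f"snmp-default-{key}")
    acl = {norm_mac(m) for m in cfg.get("access_list", [])}
    if not acl:
        findings.append("no-access-list")
    elif acl != {norm_mac(m) for m in master_acl}:
        findings.append("access-list-out-of-sync")  # drifted from master copy
    return findings

# Constructed sample data: made-up MAC addresses and settings, no real device.
MASTER_ACL = ["00:00:5E:00:53:01", "00-00-5e-00-53-02"]
FACTORY = {"ssid": "101", "snmp": {"read_community": "public",
                                   "write_community": "private"}}
HARDENED = {"ssid": "q7-whse-east", "wep_enabled": True, "ssid_broadcast": False,
            "dhcp_enabled": False, "snmp": {"enabled": False},
            "access_list": ["0000.5e00.5301", "00:00:5e:00:53:02"]}
STALE = dict(HARDENED, ssid="q7-whse-west", access_list=["00:00:5e:00:53:01"])

if __name__ == "__main__":
    for cfg in (FACTORY, HARDENED, STALE):
        print(cfg["ssid"], audit_ap(cfg, MASTER_ACL) or "closed")
```

The access-list comparison normalizes address formatting first, so a unit whose list differs from the master only in punctuation or case is not reported as out of sync.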