How do you prevent being hacked while utilizing Wi-Fi LAN?
Say a company is offering Wi-Fi to customers. If the customer is given an IP address that is inside the normal address range for the company, how do you mitigate the exposure of a Denial of Service attack launched against an outside TCP/IP address by a user/customer? Also under the same scenario, how does the company mitigate the exposure of a customer being hacked while utilizing the Wi-Fi LAN?
1. Mitigate the possible risk of DoS on the IP address provided. Place the server on a perimeter network, not on your internal one. (No internal network addresses are exposed.) Use a firewall and proxy, or "publish" the perimeter server you want customers to access. (No perimeter addresses are given out.)
2. Wireless security options. Require authentication to access the wireless network. Use a VPN to ensure authentication and encryption. Use 802.1x authentication; use PEAP. These protect your network. To protect the client, require them to use antivirus, antispyware and a firewall. Configure the access point(s) to require authentication and encryption to minimize the possibility of unauthorized users.
This was first published in April 2004
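
An added example, not part of the original answer: a short Python check of the segmentation described in point 1. It confirms that the guest Wi-Fi range does not fall inside the internal range and that guest traffic can reach only the published perimeter server. All addresses, the rule format and the function names are constructed for illustration.

```python
import ipaddress as ip

# Constructed address plan (assumptions for illustration, not from the page).
INTERNAL = [ip.ip_network("10.0.0.0/16")]
PERIMETER = ip.ip_network("192.0.2.0/28")

# First-match rules for traffic arriving from the guest Wi-Fi:
# (destination network, destination port or None for any, action)
GUEST_POLICY = [
    (ip.ip_network("192.0.2.10/32"), 443, "allow"),  # the one published server
    (PERIMETER, None, "deny"),                       # rest of the perimeter
    (INTERNAL[0], None, "deny"),                     # internal LAN
    (ip.ip_network("0.0.0.0/0"), None, "allow"),     # internet
]

def decide(policy, dst, port):
    """Return the action of the first matching rule; default deny."""
    addr = ip.ip_address(dst)
    for net, rule_port, action in policy:
        if addr in net and rule_port in (None, port):
            return action
    return "deny"

def audit(guest_net, policy):
    """List ways the guest segment could reach or collide with internal ranges."""
    findings = []
    guest = ip.ip_network(guest_net)
    for internal in INTERNAL:
        if guest.overlaps(internal):
            findings.append(f"guest range {guest} overlaps internal {internal}")
        for net, rule_port, action in policy:
            if not net.overlaps(internal):
                continue
            if action == "allow":
                findings.append(f"allow rule for {net} reaches internal {internal}")
                break
            if rule_port is None and internal.subnet_of(net):
                break  # a full-cover deny shadows every later rule
    return findings

if __name__ == "__main__":
    print(audit("10.0.50.0/24", GUEST_POLICY))    # guests addressed inside the LAN
    print(audit("172.16.99.0/24", GUEST_POLICY))  # dedicated guest range
```

The first call reports the situation in the question (customers addressed inside the company range); the second, with a dedicated guest range, reports nothing.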