Q

Securing a wireless LAN 802.11b

What are the options available to me when looking at securing a wireless LAN 802.11b?
First, realize there are ways around most common security measures for 802.11b; have a policy of no access points unless installed by IT. Then firewall your access points. By that, I mean assume all access to your network via wireless is untrusted. Place the wireless access point on the outside of its own firewall and your network on the inside. Only allow authenticated users through the firewall. Another possible alternative is to require VPN access. Place the access point on the external side of the VPN server and require users to VPN in.

Second, use the provided security mechanisms. Use WEP and use strong keys. Granted, this is a weak encryption algorithm; it is possible that your transmissions may be captured and decrypted. But this is no excuse to not use it, as most casual listeners will not go through the trouble of attempting to break WEP. Why should they when so many clear text transmissions are available? Filter by MAC address. While it is possible for a determined attacker to spoof the MAC address of a legitimate user, she must first find the approved MAC addresses to attack.

Third, secure the wireless clients. As they join the untrusted wireless network, it's like they have connected directly to the Internet. Use personal firewalls and lock down desktops and laptops. Advise users of the dangers of using public wireless networks at conferences and coffee shops. What's to keep attackers from frequenting those places just to attack unprotected laptops?

Fourth, secure the SSID. The SSID is the identification of the access point. Change it from the default. Access points come with a default SSID, which is well known by brand. Change it. Do not identify your company name in the SSID -- you do not want attackers to know what company they have located. If your access point allows you to, disable the broadcasting of the SSID. This way it cannot be found by merely scanning the area.

Fifth, watch for new security products; below is one I recently spotted. Be aware, I've not tested this free code -- do not use it until you have tested it yourself in a test network to assure it works as advertised, and does nothing else.

Fake AP: This program claims to advertise thousands of fake SSIDs. Anyone using NetStumbler or other products to locate your wireless access point by searching for its SSID will find it, but also these thousands listed here. Which is the real one? The idea is that they'll give up. Your legitimate users should know the real SSID and can enter it in their wireless configuration.

Again, please note that I have not tested this program. Download and use at your own risk, and do let us know.

This was first published in September 2002
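
The checklist in the answer above (IT-installed access points only, WEP enabled, no default or company-identifying SSID, SSID broadcast off) can be checked against a site survey. The following is an added example, not part of the original answer; the inventory, the survey rows, the short sample of factory SSIDs and the `COMPANY_TOKENS` list are constructed assumptions.

```python
# Added example: audit a wireless site survey against the answer's checklist.
# All data below is constructed; COMPANY_TOKENS and APPROVED are hypothetical names.

# Small sample of well-known factory SSIDs (not exhaustive).
DEFAULT_SSIDS = {"linksys", "tsunami", "default", "netgear", "101"}
COMPANY_TOKENS = {"acme"}  # assumption: strings that would identify the company

# Inventory of IT-installed access points, keyed by BSSID (constructed).
APPROVED = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}

# Constructed survey rows: what a walk-through of the site observed.
SURVEY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "wl-7f3a", "wep": True, "broadcast": False},
    {"bssid": "00:11:22:33:44:02", "ssid": "ACME-Corp", "wep": True, "broadcast": True},
    {"bssid": "00:11:22:33:44:03", "ssid": "tsunami", "wep": False, "broadcast": True},
    {"bssid": "66:55:44:33:22:11", "ssid": "linksys", "wep": False, "broadcast": True},
]

def audit_ap(ap, approved=APPROVED):
    """Return the list of findings for one observed access point."""
    findings = []
    if ap["bssid"].lower() not in approved:
        findings.append("unapproved-ap")        # not installed by IT
    ssid = ap["ssid"].lower()
    if ssid in DEFAULT_SSIDS:
        findings.append("default-ssid")         # factory SSID never changed
    if any(tok in ssid for tok in COMPANY_TOKENS):
        findings.append("ssid-names-company")   # SSID reveals who owns the network
    if not ap["wep"]:
        findings.append("no-wep")               # traffic is sent in clear text
    if ap["broadcast"]:
        findings.append("ssid-broadcast")       # found by merely scanning the area
    return findings

def audit_survey(survey=SURVEY):
    """Map each BSSID with at least one finding to its findings."""
    report = {}
    for ap in survey:
        findings = audit_ap(ap)
        if findings:
            report[ap["bssid"]] = findings
    return report

if __name__ == "__main__":
    for bssid, findings in audit_survey().items():
        print(bssid, ", ".join(findings))
```

A BSSID that matches the inventory only shows the address is expected; as the answer notes for client MAC filtering, a MAC address can be spoofed.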
