Ask the Expert

Securing a wireless LAN 802.11b

What are the options available to me when looking at securing a wireless LAN 802.11b?
First, realize there are ways around most common security for 802.11b; have a policy of no access points unless installed by IT. Then firewall your access points. By that, I mean assume all access to your network via wireless is untrusted. Place the wireless access point on the outside of its own firewall and your network on the inside. Only allow authenticated users through the firewall. Another possible alternative is to require VPN access. Place the access point on the external of VPN server and require users to VPN in.

Second, use the provided security mechanisms. Use WEP and use strong keys. Granted, this is a weak encryption algorithm; it is possible that your transmissions may be captured and decrypted. But this is no excuse to not use it, as most casual listeners will not go through the trouble of attempting to break WEP. Why should they when so many clear text transmissions are available? Filter by MAC address. While it is possible for a determined attacker to spoof the MAC address of a legitimate user, she must first find the approved MAC addresses to attack.

Third, secure the wireless clients. As they join the untrusted wireless network, it's like they have connected directly to the Internet. Use personal firewalls and lock down desktops and laptops. Advise users of the dangers of using public wireless networks at conferences and coffee shops. What's to keep attackers from frequenting those places just to attack unprotected laptops?

Fourth, secure the SSID. The SSID is the identification of the access point. Change it from the default. Access points come with a default SSID, which is well known by brand. Change it. Do not identify your company name in the SSID -- you do not want attackers to know what company they have located. If your access point allows you to, disable the broadcasting of the SSID. This way it cannot be found by merely scanning the area.

Fifth, watch for new security products, below is one I recently spotted. Be aware, I've not tested this free code -- do not use it until you have tested it yourself in a test network to assure it works as advertised, and does nothing else.

Fake AP: This program claims to advertise thousands of fake SSIDs. Anyone using NetStumbler or other products to locate your wireless access point by searching for its SSID will find it, but also these thousands listed here. Which is the real one? The idea is that they'll give up. Your legitimate users should know the real SSID and can enter it in their wireless configuration.

Again, please note that I have not tested this program. Download and use at your own risk, and do let us know.

This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: