Second, use the provided security mechanisms. Use WEP and use strong keys. Granted, this is a weak encryption algorithm; it is possible that your transmissions may be captured and decrypted. But this is no excuse to not use it, as most casual listeners will not go through the trouble of attempting to break WEP. Why should they when so many clear text transmissions are available? Filter by MAC address. While it is possible for a determined attacker to spoof the MAC address of a legitimate user, she must first find the approved MAC addresses to attack.
Third, secure the wireless clients. As they join the untrusted wireless network, it's like they have connected directly to the Internet. Use personal firewalls and lock down desktops and laptops. Advise users of the dangers of using public wireless networks at conferences and coffee shops. What's to keep attackers from frequenting those places just to attack unprotected laptops?
Fourth, secure the SSID. The SSID is the identification of the access point. Change it from the default. Access points come with a default SSID, which is well known by brand. Change it. Do not identify your company name in the SSID -- you do not want attackers to know what company they have located. If your access point allows you to, disable the broadcasting of the SSID. This way it cannot be found by merely scanning the area.
Fifth, watch for new security products. Below is one I recently spotted. Be aware, I've not tested this free code -- do not use it until you have tested it yourself in a test network to ensure it works as advertised, and does nothing else.
Fake AP: This program claims to advertise thousands of fake SSIDs. Anyone using NetStumbler or other products to locate your wireless access point by searching for its SSID will find it, but will also find the thousands of fake ones. Which is the real one? The idea is that they'll give up. Your legitimate users should know the real SSID and can enter it in their wireless configuration.
Again, please note that I have not tested this program. Download and use at your own risk, and do let us know.
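The second and fourth recommendations above can be checked mechanically against an inventory of access point settings. The following is an added example, not code from the original article; the record fields, the default-SSID list, the company name "Example Corp" and the sample inventory are all assumptions constructed for illustration.

```python
import re

# Illustrative factory-default SSIDs of the period (assumed list, not from the article).
DEFAULT_SSIDS = {"linksys", "default", "netgear", "wireless", "tsunami", "101"}

def _squash(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())  # keep only letters and digits

def weak_wep_key(key_hex):
    """Return a reason if the hex WEP key is obviously weak, else None."""
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        return "not valid hex"
    if len(key) not in (5, 13):
        return "not a 40-bit or 104-bit key"
    if len(set(key)) <= 2:
        return "repeats one or two byte values"
    if len({(b - a) % 256 for a, b in zip(key, key[1:])}) == 1:
        return "simple counting sequence"
    if all(0x20 <= b < 0x7F for b in key):
        return "printable ASCII, likely a typed word"
    return "only 40 bits long" if len(key) == 5 else None

def audit_ap(ap, company):
    """Check one AP record against the SSID, WEP and MAC-filter advice."""
    findings, name = [], _squash(company)
    if ap["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default")
    if name and name in _squash(ap["ssid"]):
        findings.append("SSID identifies the company")
    if ap["broadcast_ssid"]:
        findings.append("SSID broadcast is enabled")
    if not ap["wep_key_hex"]:
        findings.append("WEP is disabled")
    elif reason := weak_wep_key(ap["wep_key_hex"]):
        findings.append("weak WEP key: " + reason)
    if not ap["mac_filter"]:
        findings.append("MAC address filtering is off")
    return findings

# Constructed sample inventory; every value below is made up for this example.
INVENTORY = [
    {"name": "lobby", "ssid": "linksys", "broadcast_ssid": True, "wep_key_hex": None, "mac_filter": False},
    {"name": "floor2", "ssid": "Example-Corp_WLAN", "broadcast_ssid": False, "wep_key_hex": "6170706c65", "mac_filter": True},
    {"name": "lab", "ssid": "bluefin7", "broadcast_ssid": False, "wep_key_hex": "3f9a1cd4e07b52c8196fa3d05e", "mac_filter": True},
]
if __name__ == "__main__":
    for ap in INVENTORY: print(ap["name"], audit_ap(ap, "Example Corp") or "no findings")
```

The company-name check strips punctuation and case first, so an SSID such as "Example-Corp_WLAN" is still flagged.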
This was first published in September 2002