Copyright 1997 - 2009 ODEC
Six Basic Tips for Implementing a More Secure Wireless Network

1. Plan antenna placement
The first step in implementing a closed wireless router or access point is to place the access point's antenna in such a way that it limits how far the signal can reach beyond the coverage area. Don't place the antenna near a window, as the glass does not block the signal. Ideally, your antenna will be placed in the center of the area you want covered, with as little signal leaking outside the walls as possible. Of course, it's next to impossible to completely control this, so other measures need to be taken as well.

2. Use WPA or WEP
WPA is an extremely secure protocol to use on your wireless network, if it is supported by your router or access point. Use an encryption key that is at least 20 characters long to ensure your network security.

Wireless encryption protocol (WEP) is a second choice for encrypting traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers.

Many wireless router and/or access point vendors ship their units with WPA/WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production, since the data is directly readable with a wireless sniffer.

3. Change the SSID and disable its broadcast
The service set identifier (SSID) is the identification string that clients use to initiate connections to the wireless router or access point. This identifier is set by the manufacturer, and each manufacturer uses a default phrase, such as "101" for 3Com devices. Hackers who know these default phrases can easily make unauthorized use of your wireless services. For each wireless access point you deploy, choose a unique and difficult-to-guess SSID, and, if possible, suppress the broadcast of this identifier so that your network is not advertised to anyone in range. It will still be usable, but it won't show up in a list of available networks to the casual hacker.

4. Disable DHCP
At first, this may sound like a strange security tactic, but for wireless networks, it makes sense. With this step, hackers would be forced to decipher your IP address, subnet mask, and other required TCP/IP parameters. If a hacker is able to make use of your access point for whatever reason, he or she will still need to figure out your IP addressing as well.

5. Disable or modify SNMP settings
If your router or access point supports SNMP, either disable it or change both the public and private community strings. If you don't take this step, hackers can use SNMP to gain important information about your network.

6. Use access lists
To further lock down your wireless network, implement an access list, if possible. Not all wireless routers and access points support this feature, but if yours does, it will allow you to specify exactly what machines are allowed to connect to your access point.

The MAC address used to populate your access list is usually printed on the wireless PC card or USB device that you are using to connect to your wireless network.
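
Tips 2 through 6 can be checked mechanically. The following Python audit is an added example, not part of the original article. The settings keys and both sample configurations are hypothetical and constructed, and the default SSIDs other than "101" are assumptions added here.

```python
import re

# Hypothetical settings keys; real routers export settings under other names.
DEFAULT_SSIDS = {"101", "linksys", "netgear"}   # "101" is the page's 3Com example
DEFAULT_COMMUNITIES = {"public", "private"}

def normalize_mac(text):
    """Return aa:bb:cc:dd:ee:ff for a MAC as printed on a card, else None."""
    digits = re.sub(r"[\s:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    if int(digits[:2], 16) & 1:          # group bit set: not a single adapter
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(cfg):
    """Return a sorted list of (tip number, finding) for one access point."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append((2, "encryption disabled: traffic readable by a sniffer"))
    elif enc == "wep":
        findings.append((2, "WEP in use: switch to WPA if the device supports it"))
    elif len(cfg.get("passphrase", "")) < 20:
        findings.append((2, "WPA key shorter than 20 characters"))
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append((3, "manufacturer default SSID"))
    if cfg.get("ssid_broadcast", True):
        findings.append((3, "SSID broadcast enabled"))
    if cfg.get("dhcp", True):
        findings.append((4, "DHCP server enabled"))
    if cfg.get("snmp", False):
        for name in ("snmp_ro", "snmp_rw"):
            if cfg.get(name, "public").lower() in DEFAULT_COMMUNITIES:
                findings.append((5, f"{name} uses a default community string"))
    acl = cfg.get("mac_acl", [])
    if not acl:
        findings.append((6, "no MAC access list"))
    for entry in acl:
        if normalize_mac(entry) is None:
            findings.append((6, f"unusable access-list entry: {entry!r}"))
    return sorted(findings)

# Constructed sample: a unit as it might ship from the factory.
FACTORY = {"ssid": "101", "encryption": "none", "snmp": True}
# Constructed sample: the same unit after applying tips 2 through 6.
HARDENED = {"ssid": "k7-Quarry-Lantern", "ssid_broadcast": False,
            "encryption": "wpa", "passphrase": "x" * 24, "dhcp": False,
            "snmp": False, "mac_acl": ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f"]}
```

Calling `audit(FACTORY)` returns one or more findings for each of tips 2 through 6, while `audit(HARDENED)` returns an empty list.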



Dominion Repair Service, Inc.
An Operating Division of Old Dominion Enterprises Corporation
Post Office Box 30521
Alexandria, VA 22310
(703) 768-3510

Call 8 am - 5 pm Monday through Friday