Wireless Network Security
The task of setting up wireless networks is either flawless or drives us crazy. We may be reluctant to modify a working configuration or so much time may have been dedicated in troubleshooting and configuring a practical solution that we tend to ignore the security part of the wireless setup! You must build your wireless setup around the security controls and features provided by WAP devices and not implementing security as an afterthought. There are quite a number of security measures we can take and they depend mostly on your WAP devices but the following features which must be available on most WAPs will help you increase your wireless setup security:
Default Administrator password: Change the default login username and password. Every WAP device has a web page interface that allows you to perform all necessary configurations and require you to logon using a manufacturer provided username and password. The default details for different manufacturers are available on the Internet and devices documentation which are known to many users, let alone hackers!
Default SSID: Changing the default SSID helps you avoid conflicts with other nearby networks which are also set with the default SSID. Although, this has no direct impact on security, hackers who see a network with a default SSID are more likely to attack it as it is considered as a poorly configured network.
Disable SSID broadcast: A WAP typically broadcast its SSID at regular intervals so that new clients are made aware of such service and can connect to it. This feature is unnecessary so turn it off as you would know your office or home connection ID! Again, hackers can detect the presence of a WAP device even with broadcast turned off but it may help in reducing the likelihood of making them aware!
WPA or WEP encryption: You should opt for the strongest form of encryption that your wireless devices support. Remember that all wireless devices participating in your wireless network must share the identical encryption settings. WPA offers you better protection than WEP and remember to avoid dictionary words in both the SSID name and WPA passphrase. Encryption scrambles data sent over the wireless network.
MAC address filtering: If your wireless client devices are all known then you can set MAC filtering where the specified addresses are the only clients allowed to access the network. Networks with many client devices can capture all MAC addresses through the ARP cache rather than visiting every device to get MAC addresses. This feature hardens your setup but it’s not 100% foolproof as hackers can use MAC spoofing to overcome this control but this is no easy task!
Assign static IP addresses to wireless clients: When possible disable DHCP services for your wireless clients and use static IP addresses. This increases security for the less experienced hackers but might complicate the task of setting up client devices.
Firewall: Ensure that Windows Firewall is enabled on wireless computers and if the WAP device has a built-in firewall check that this firewall is enabled and configured properly.
Others: Position the WAP centrally so that signals that reach to the exterior of your office or home are weak or limited. Minimize the outdoor leakage as much as possible. If possible turn off a W AP device after-office hours or during shutdown/holidays. However, if the device does not support an auto off/on mechanism then this may become an impractical measure!