Wireless local-area network (WLAN) technology has seen tremendous security strides in recent years. When planned, configured, used and monitored properly, WLANs and the access points they utilize can be very secure. Here are 10 steps to a secure wireless network:
Create a plan before you purchase your equipment
Conduct a detailed planning and analysis process before deploying wireless technology. One of the best ways to do this is with one of the wireless survey products on the market today. These will help you take into account the topography of your work area and the construction materials present. Based on the information you input, this software then creates a behavioral model of radio frequency (RF) energy in the environment so you can determine optimal placement of access points. This software also helps you identify signals from outside access points that could pose a risk to your network.
Separate your wired and wireless LANs
For optimal security, physically separate your wireless network from your wired network. By placing your wired LAN on its own network segment, you protect it from a determined hacker who might have identified your wireless network.
Another approach is to implement a forced virtual private network (VPN) configuration. Under these guidelines, a user must have separate authorizations for access to the wired and wireless LANs.
A third approach is to place a network firewall between your wired and wireless LANs. This will also keep authorized wireless users from accessing your wired network without authorization.
Avoid default settings
At several levels, default settings need to be changed, in some cases regularly, to make wireless networks harder to hack. Default log-on codes should be changed from the outset to an alphanumeric and special character code of no fewer than eight characters. For high-security environments, turn to automated password generators or two-factor access codes to authenticate users.
Vendors often create default key sets for shared-key authentication between the access point and wireless devices trying to access the network. You’ll want to change these from their default settings and continue changing them on a regular basis.
Beware of the reset function, as it generally reverts a device to its factory defaults. Make sure this function is off-limits to everyone but systems administrators.
Every access point comes with what is essentially a default name — the service set identifier (SSID) — that then becomes the 32-byte ID for your WLAN. The defaults used by vendors are well known so you need to change the SSIDs on your access points. While smart hackers can easily sniff SSIDs and compromise this type of security, the change will keep out random unwanted users and less-sophisticated hackers.
Utilize encryption
Access points typically arrive from a vendor with a few preset encryption levels. Go for the highest level allowed, but remember that all access points must be set to the same level of encryption. This means that older products on your network with lower limits of encryption will limit you to those levels.
The latest wireless standard, Wi-Fi Protected Access (WPA), offers more encryption than its predecessor, Wireless Equivalent Privacy (WEP). WEP had weak 40-bit encryption keys that compromised security. WPA is inherently more robust, but you should still use strong passwords that are alphanumeric and longer than 10 characters.
Create and control unique addresses
Create unique addresses for end-user devices that you want to allow access to your network and enter those addresses into your access point. By assigning these Media Access Control (MAC) protocol addresses, you will be able to identify everyone on your network and those who aren’t authorized but are trying to get on.
Keep a low profile
Every access point periodically blasts an increased-intensity beacon signal so that wireless devices can find it to gain access. The period between beacon blasts can be adjusted, typically to a maximum of once every 67 seconds. By setting your beacon signal to blast less frequently, hackers scanning for signals are less likely to find yours.
Manage network protocols
Simple Network Management Protocol (SNMP) agents, a set of protocols for managing complex networks, have been updated over the years to protect your network against attackers. SNMP Versions 1 and 2 can be manipulated by hackers to allow them onto your network. SNMP 3, which supersedes SNMP 1 and 2, offers higher levels of protection and allows you to monitor activity around your WLAN.
Manually assign IP addresses
You can block breaches to your wired networks via your WLAN by forgoing use of Dynamic Host Control Protocol (DHCP) servers. A DHCP server automatically assigns temporary IP addresses to devices that have gained access so that users can access other networks. But DHCP servers can’t validate the users to which they give IP addresses. So if a hacker gets through your first line of defense, your other systems become vulnerable. Instead, you should manually set specific IP addresses for your users’ wireless devices.
Perform regular systems analyses
If your network has both wired and wireless segments, you should have a tool capable of analyzing these segments. A WLAN/LAN analyzer can help you quickly isolate urgent problems on your network as well as issues that may be keeping it from performing at an optimal level. An analyzer can help discover virtual LANs (VLANs), measure RF signals, analyze network traffic, identify top talkers, discover unauthorized devices and locate rogue devices. Such analysis will detect where there’s an unprotected access point that doesn’t have encryption enabled.
Conduct audits
Experts recommend regular audits of your wireless network. Test to see where a given access point’s signal can be received from. Test the signal strength of access point antennas to determine the best orientation for those antennas and to determine how to prevent an access point from being available beyond the walls of a building.
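The analysis and audit steps above can be scripted once survey data is exported. The following is an added example, not part of the original article: it checks a constructed survey export against an assumed inventory of authorized access points and flags unauthorized devices, encryption below policy, vendor default SSIDs and signal that is usable outside the building. The CSV layout, BSSIDs, location names, policy values and the sample default-SSID list are all assumptions for illustration.

```python
import csv
import io

# Constructed survey export (not real scanner output): one row per beacon heard.
SURVEY_CSV = """location,bssid,ssid,encryption,signal_dbm
lobby,00:11:22:33:44:01,corp-wlan,WPA,-48
lobby,00:11:22:33:44:02,corp-wlan,WEP,-55
lobby,66:77:88:99:aa:01,linksys,OPEN,-60
parking-lot,00:11:22:33:44:01,corp-wlan,WPA,-62
parking-lot,00:11:22:33:44:03,default,WPA,-88
"""

# Assumed inventory of access points the organization deployed (by BSSID).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
# Illustrative sample of well-known vendor default SSIDs; extend for your gear.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}
# Assumed site policy values.
REQUIRED_ENCRYPTION = "WPA"
OUTSIDE_LOCATIONS = {"parking-lot"}
LEAK_THRESHOLD_DBM = -70  # stronger than this outside the walls is usable


def audit_survey(csv_text):
    """Return a sorted list of (bssid, location, finding) tuples."""
    findings = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        where = row["location"]
        if bssid not in AUTHORIZED_BSSIDS:
            # Unknown radio in range: a rogue or a neighbor's access point.
            findings.add((bssid, where, "unauthorized access point"))
            continue
        if row["encryption"].upper() != REQUIRED_ENCRYPTION:
            findings.add((bssid, where, "encryption below policy: " + row["encryption"]))
        if row["ssid"].strip().lower() in DEFAULT_SSIDS:
            findings.add((bssid, where, "vendor default SSID: " + row["ssid"]))
        if where in OUTSIDE_LOCATIONS and int(row["signal_dbm"]) > LEAK_THRESHOLD_DBM:
            findings.add((bssid, where, "signal usable outside building"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, where, finding in audit_survey(SURVEY_CSV):
        print(f"{bssid}  {where:12}  {finding}")
```

An unauthorized BSSID still needs a manual check, since it may belong to a neighboring business rather than a rogue device on your own network.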
These 10 recommendations will help provide your business with the most secure wireless network possible.