14 Steps to a More Secure WLAN

1. Turn off broadcast SSIDs.
This helps prevent unwanted users from associating to your APs. Keep in mind that this
prevents roaming from access point to access point with some manufacturers' equipment.

2. Use an SSID naming scheme that is difficult to guess.
Use SSIDs over 20 characters long or a completely random naming scheme, making
them very difficult to guess or remember.

3. Use 128-bit encryption.
The 128-bit encryption remains the best WEP method to date.

View the Berkeley "Security of the WEP algorithm" document
(Used with permission from Berkeley Edu)

4. Change the 128-bit keys often.
Changing keys frequently makes it harder to break into your system.

5. Do not use easy-to-guess keys.
Easy-to-guess keys are like writing your password down. The SSID and keys are the
entry point into your network. These should be guarded and kept confidential.

6. Implement a user ID-based RADIUS or an advanced authentication system.
To ensure that the AP and client participate in the authentication process, a user ID-based RADIUS system may be implemented. The client enters a user ID and password, and the AP then forwards the request with the user ID and password to a RADIUS server for authentication.

7. Encrypt the entire application message before it hits the radio.
A third-party VPN (virtual private network) package can be installed between the application and the AP; it encrypts all messages before the AP receives them. The messages are not decrypted until the host receives them. These encryption methods are the best solution over WEP because they are far more sophisticated than WEP and virtually impossible to breach.

Implementing a VPN, however, is a bit more challenging. It is advisable to use a consultant for planning, since VPNs by default will not work with roaming.

8. Use an Intrusion Detection System
Implement an Intrusion Detection System to alert you when someone is trying
to probe or break into your network.

9. Use a firewall
Use a firewall to separate your WLAN traffic from your private network.

10. Establish a VLAN
Create a VLAN for your wireless traffic. This will protect your wireless equipment from receiving unnecessary broadcast messages and unwanted traffic, thus increasing potential performance. It will also add to your security.

11. Turn off SNMP
Turn off SNMP or change the default community strings.

12. Turn off unused services
Turn off unused services. For example, if you don't administer the APs with HTTP, turn off this feature.

13. Change TCP/UDP
Change the TCP/UDP default ports on the system.

14. Use MAC filtering and static IP addresses.
Note that tools freely available on the Internet provide quick, easy methods of spoofing both IP addresses and MAC addresses; nevertheless, it's a step in the right direction.
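
As an added example (not part of the original page), the Python sketch below covers steps 2, 3 and 5: it generates a random SSID and a random key for 128-bit WEP, and flags keys that are easy to guess. The function names and the weakness heuristics are assumptions chosen for illustration; a key that passes them is not thereby proven strong.

```python
import secrets
import string

KEY_BYTES = 13  # "128-bit" WEP = 104-bit secret key + 24-bit IV sent in the clear

def new_wep_key() -> str:
    """Return a random 104-bit key as 26 hex digits from the OS CSPRNG."""
    return secrets.token_hex(KEY_BYTES)

def new_ssid(length: int = 24) -> str:
    """Random SSID over 20 characters (step 2); 802.11 caps SSIDs at 32 bytes."""
    if not 20 < length <= 32:
        raise ValueError("length must be 21..32")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def key_weaknesses(key_hex: str) -> list[str]:
    """List reasons a hex key is easy to guess (illustrative heuristics only)."""
    try:
        key = bytes.fromhex(key_hex)
    except ValueError:
        return ["not valid hex"]
    if len(key) != KEY_BYTES:
        return [f"expected {KEY_BYTES * 2} hex digits, got {len(key_hex)}"]
    found = []
    if len(set(key)) <= 4:
        found.append("few distinct bytes")
    steps = {(b - a) % 256 for a, b in zip(key, key[1:])}
    if len(steps) == 1:
        found.append("constant-step sequence")
    if all(0x20 <= b < 0x7F for b in key):
        found.append("printable ASCII (typed passphrase)")
    for period in range(1, KEY_BYTES // 2 + 1):
        if all(key[i] == key[i % period] for i in range(KEY_BYTES)):
            found.append(f"repeats every {period} byte(s)")
            break
    return found

if __name__ == "__main__":
    # Constructed sample keys, not taken from any real network.
    for sample in ("00000000000000000000000000",
                   "0102030405060708090a0b0c0d",
                   "436f6d70616e79574c414e3031",  # ASCII "CompanyWLAN01"
                   new_wep_key()):
        print(sample, key_weaknesses(sample) or "no obvious weakness")
    print("SSID:", new_ssid())
```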

To provide better WLAN security, ensure that your installation staff or vendor has a strong understanding of wireless technologies and that they have reviewed all of the software settings. The most common issues that present organizations with WLAN security problems are inadequate installations, specifications, or an incomplete understanding of WLAN topography. Don't assume that the 'out of the box' default settings promote security.

A strong "layered" approach to WLAN security is the best defense.

Contact New Line Communications today for an onsite consultation.