What good is the convenience of Wi-Fi if you wind up throwing your network's safeguards right out the window?
It only took a few years for Wi-Fi to become well entrenched as a connectivity option. Now that it comes standard in most laptops and many handhelds, people are loathe to plug a cable to get online and get some work done.
But that leaves network administrators in a bind.
As more businesses cut the cord, they're finding that their once impenetrable networks can be undone by little more than a badly configured wireless access point. Even if everything is seemingly locked down, the technology's shortcomings can let savvier attackers worm their way in (WEP anyone?).
And then there's the human factor.
Users have a strange knack of mucking up settings when they just can't seem to connect, poking at checkboxes and fiddling with drop down menus until they can get online at a cafe. Back at the office, their "ad-hoc" indifference draws hackers like moths to a flame...
Before you power up your first access point, learn how to draw up a handy checklist that will prevent prying geeks from riding the airwaves to your critical data.
Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.
AO newcomer petereno wants to know if some common Wi-Fi lockdown tricks, like disabling DHCP and changing the SSID, result in a secure environment. brokencrow prefers to stick to the basics, well at first.
Turn off DHCP? Why? You have another DHCP server running on your network besides the router?
All I'd do is:
* Change default usernames and passwords for network devices.
* Enable WPA
* Enable MAC filtering.
* Install firewall for each computer (XP's default is fine).
HTRegz chimes in with...
With MAC filtering and WPA you've got all the "deterrent" you need. They force some effort to be exerted. If someone is going to beat MAC filtering, in the process they will have determined your SSID and learned your DHCP range. If not, shortly after cracking your WPA they will have the DHCP range. If someone's going to go after MAC filtering and WPA, disabling DHCP is not an additional deterrent. It just makes the user’s life inconvenient.
ShagDevil offers the following advice:
They left out something very important about WPA. I'm assuming they meant WPA-PSK. If that's the case, WPA is only as strong as the passphrase used. Make sure when you select your passphrase that you use some complexity. I recommend at least 20 characters, mixed between upper case/lower case/numbers and symbols.
The other two options I disagreed with are security through obscurity. Disabling your SSID isn't really going to protect you much, nor is adjusting your signal strength. I suppose, if you weakened your signal to the point where it didn't permeate outside your walls, that may offer some security, but if you enable a WPA-PSK and choose a good passphrase, limit your DHCP range, enable your MAC filter (not the best security, but it adds another layer), and use common sense I suspect you'll be fine.
Email
Print
Digg This
Add to del.icio.us