By configuring the security features such as 64 bit WEP, 128 bit WEP, MAC address filtering, SSID, WPA2 and TKIP, you can secure your wireless network from the hackers, intruders and uninvited guests. Implementing a wireless network in your home or office requires a planning. Wireless network provides mobility and free of wires environment.
Different protocols are security features are used for building and securing different types of wireless networks. While setting up the wireless network we have to setup an access point, which has antenna at one end and wire at the other end. The antenna on the Access point talks to the wireless LAN cards and sends traffic from computer to the access point.
Setting up your access point
If you want to setup a wireless network for your business then you will need to setup a full featured access point such as Cisco Aironet 350 series and if you want to setup wireless network for your home then a low end access point such as Apple AirPort or Linksys WAP 11 are best.
WEP is a process of encryption that saves your privacy and network from the unauthorized access. WEP is used to authenticate the users on the network and the security components are setup on both PCMCIA and the access point. WEP can be configured in 40-bit and 128 bit modes and obviously 128 bit mode provides more security. Even TKIP is relatively new and many access points and wireless cards do not support it but TKIP provides more advanced security features that WEP does not cover. TKIP provides more powerful encryption algorithm and constantly changing the encryption keys and hence make it more difficulty for the wireless hackers to attack the wireless network.
Filtering the MAC addresses is quite hard job if your network is very big so before purchasing the LAN cards, make a plan to buy LAN cards with sequential MAC address because they will be easier to administer. There is another option on some PCMCIA wireless LAN cards to change the MAC addresses. In this way you can specify the MAC addresses of your own range. If you have low end access point then your security will be limited to WEP and MAC address. With the higher end access point such as Cisco Aironet 350 you will be able to turn on the Temporal Key Integrity Protocol
First step in securing the wireless network is to disable the broadcasting features. Control the broadcast area so that signals may not leak because sensitive snooping devices can pick the wireless signals from the Access points.
Things to remember
1. Change the default administrator password of all the hardware and software. Lock each access point and change the password that is not easily guessed.
2. Use 128 bit WEP instead of 64 bit WEP. If you use 128 WEP encryption keys, try to change the encryption keys at least once in a month. Also enable firewall on the computers and routers.
3. Use SSID. Change the default service set identifiers and don’t use anything obvious like company name otherwise it will be easy for the hackers to find the system SSID of the network devices and access them. Also disable broadcast SSID because intruders can use the programs such as http://www.kismetwireless.net to sniff out SSID.
4. Limit access rights of the users. Set your access points to set the rights by the wireless cards with authorized MAC address. Try to position the routers and the access points safely.
5. Ban unauthorized access points. Don’t try to connect with the unprotected wireless networks because in this way your privacy can be leaked and your network can be insecure. Also restrict the unnecessary traffic so that only authorized person can be able to access the network.
6. Authenticate users by different authentication procedures and for this purpose install a firewall that supports VPNS connectivity and require users to log on. Also try to limit the network management work.
7. WPA2 is a newest security technology and if the networking components such as access points, PCMCIA cards and wireless routers support it, you must prefer to use it.
8. Use RADIUS server because it provides another layer of security feactures and the administration of the network.
9. Fix the number of the user addresses in the DHCP server so that no unauthorized person can access the network. Alternatively try to assign static IP addresses from a fixed range.
10. Try to have wireless dedicated hardware security in place. Airdefence.net is a server appliance that is used to connect to the sensors near the AP and protect the network.