Wireless Security Precautions
- Use the built-in encryption - Enable the highest level of Wireless Encryption Protocol (WEP) that ships with the access point and enable on all cards that you want to connect to the AP.
- 802.11b and 802.11g provide up to 128-bit WEP
- 802.11a provides up to 152-bit WEP
- Change default SSID that ships with the access point (i.e. the default for a Linksys AP is Linksys)
- Disable the broadcast mode that is used by access points to transmit their SSIDs
- Turn off Ad-hoc mode which allows peer-to-peer network connections by enabling Infrastructure mode where all wireless clients must connect via an access point
- Use MAC Address Authentication using access control lists (ACLs)
- Don't give the network a name that identifies your company
- Add passwords to all devices
- Move wireless access points away from windows and use directional antenna
- Disable the features you don't use
- Put a firewall between the wireless network and other company computers
- encrypt data
- Implement VPN (Virtual Private Networking) over the wireless LAN
- Regularly test wireless network security by preforming a regular audit for rogue access points
- Create and enforce a wireless security policy
- Educate the network users about the security risks of wireless.
"What's happening with wireless networks is that it's no more or less secure than anything else. It's just [that] with a wireless LAN [local area network] you need a new page in the rule book. Security doesn't stop at the perimeter of the company building." [Geoff Davies, managing director of I-SEC, a specialist information security company, reprinted in Financial Times, July 1 2002]