Question: How do I lock down my Access Point? Answer: Basics for secure wireless computing.
1. Disable SSID broadcasts. 2. Enable WEP encryption. 3. Use Mac filtering if possible. 4. Know your wireless footprint. 5. Limit IP's from AP DHCP. Explanations: 1. By disabling SSID broadcasts, you effectively make your wireless network disappear. Only authorized clients that have he correct SSID can connect to your network. Even Netstumbler can't see the network, although some linux versions of wireless sniffers still can. 2. Use WEP even though it can be cracked, it's better that no encryption. Also cracking the WEP key would require a steady network flow to capture enough packets the begin working on the key. Most Wardrivers, aren't going to have access to your system long enough to worry about it, they see WEP enabled and move on. There are too many unencrypted networks out there already, why waste time working on one that has encryption turned on. 3. By setting Mac filters on your AP's you can effectively control who's able to connect to them for use. Granted, it's not going to be an easy solution to implement if you had hundreds of users that could possibly connect to a given AP. But if you maintained strict control of AP access to those who really need it you limit the exposure for abuse to your network. 4. Do a walk through with a wireless laptop to see where your hotspots for your network are. It's always a good thing to know that if you have a big hotspot with access available to video store parking lot next door to your office. That's a good place for wardrivers to stop and park to leech off your network. By knowing your footprint, you can reposition your AP's to minimize the amount of bleed through that you have available. 5. Enable AP DHCP to release only 1 or 2 IP addresses. This way if both are taken up, it will not assign another IP. Make sure you change the default admin password on the router as well, there are lists available that provide almost every consumer level default admin password. More information can be found on www.netstumbler.com. __________________ "Teodorski, Chris" wrote: > > So I've ordered a wireless router for home....I'm quite sure that it ships "wide >open" with no security set....I was wondering if any of you could be kind enough to >offer suggestions or point me towards any good articles on securing my new wireless >environment. i'd like to find a mix of both theory and checklist stuff.....so I can >secure it and understand the what's and whys. > > Thanks, > > chris -- Christopher Rector, MCSE Computer Information Specialist Southern Illinois University School of Medicine Department of Ob/Gyn 217-545-9182
smime.p7s
Description: S/MIME Cryptographic Signature