Government Computer News
Perils of unplugging: 11 steps to successful wireless security
It’s time to take on the security flaws of wireless LANs.
Digg
De.licio.us
Slashdot
Technorati
Nothing will make an 802.11 wireless network completely secure, but there are ways to tighten one enough to keep out most unauthorized users.
Think of security in terms of numbers. Suppose there are 100 potential intruders on your wireless network. Probably 99 could break into a standard wireless network out of the box.
A basic precaution such as not broadcasting your service set identifier (SSID) might eliminate 10 of them. Rudimentary media access control filtering might knock out another 20. Eventually, you get down to one or two people with enough agility to get past all your security.
But securing a wireless network follows the same premise as all IT security: Focus on making breaches extremely difficult, not foolproof.
If your agency runs a LAN with sufficiently layered security, but an agency across the street is running an out-of-the-box wireless network, an intruder is far less likely to waste hours or days hacking into your network. The other guy’s an easier target.
Even when you’re up against a skilled and determined hacker, you can prevent damage if you know what to look for and how to respond to an attack.
To be sure, the challenges of securing wireless networks are greater than those posed by wired networks. Expect a constant battle because hackers will try to break in.
To help tip the scale in your favor, the GCN Lab has created a battle plan for securing your wireless LAN. If you follow these 11 steps, you will keep intrusions and disruptions to a minimum.
1 Don't fight blind
One of the easiest things you can do is turn off your access point’s SSID. In other words, tell your access points not to broadcast the fact that they exist. Employees will still find them, however, because you will give them proper names.
So-called wardriving hackers on the prowl will likely miss your SSID if it is cloaked. Several programs do exist to find cloaked SSIDs, but less-skilled hackers won’t attack you if they can’t see you.
![1105 Government Information Group [purity]](/images/1105logo_website.gif "Government Computer News [purity]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
