Wireless Network Security Checklist, page 4
If you really need a high level of security, you should consider not using a wireless network at all,
or at the very least bringing in a qualified wireless network security expert.
Additional security measures include the following:
- If your access point allows this, lower your broadcast strength. The lower your broadcast strength is, the less likely a nefarious evildoer outside your network is to be able to intercept it (because it doesn’t broadcast outside your premises). The ideal scenario here requires fine-tuning your Wi-Fi broadcasts so that they are strong inside your premises but fall off rapidly outside. This can often be accomplished by turning down the transmission power, combined with careful network design and Yagi-type antennas.
- Understand the range of your Wi-Fi broadcasts, and see if there are any obvious vulnerabilities (a parking lot? a neighbor who hates you?). Performing a physical survey will not only help you understand vulnerabilities, it will also help you create a network topology and transmission plan that bypasses the problem areas you have found.
- Regularly review the DHCP logs provided by your router to see if there are any unauthorized connections.
- Turn off wireless access to the access point’s administrative application (this is usually only available with enterprise-class Wi-Fi access points).
- Use a dynamic, per-session WEP encryption scheme. This requires additional hardware, namely an authentication (or RADIUS) server.
- If you can’t install a dedicated authentication server, authenticate Wi-Fi connections with user names and passwords using a network directory server (which can be a Windows domain server and need not be a separate piece of hardware).
- Encourage access to your Wi-Fi network via a Virtual Private Network (VPN).
- Create a network topology that uses a DMZ with its own set of firewalls for the Wi-Fi access point. This will isolate the access points from possible attacks. You can beef this up even further by making sure that the access point and the nodes on your wireless network can only communicate via a VPN. A good piece of equipment to use to implement this in the small office context is the WatchGuard SoHo Firebox, which combines a firewall and a VPN, and costs about $300.
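
The DHCP log review recommended in the list above can be scripted. The following is an added example, not part of the original article; it assumes the router writes dnsmasq-style syslog lines, and the device inventory and log lines are constructed for illustration.

```python
import re

# Constructed inventory of authorized devices (MAC addresses are made up).
KNOWN_MACS = {"a4:5e:60:aa:bb:01", "3c:22:fb:10:20:30"}

# Constructed sample, assuming dnsmasq-style syslog lines; other routers differ.
SAMPLE_LOG = """\
Jan 12 09:14:03 router dnsmasq-dhcp[812]: DHCPDISCOVER(br0) a4:5e:60:aa:bb:01
Jan 12 09:14:03 router dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.23 a4:5e:60:aa:bb:01 laptop-anna
Jan 12 11:02:47 router dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.24 3C:22:FB:10:20:30 printer
Jan 12 23:41:10 router dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.57 de:ad:be:ef:00:01
Jan 13 00:05:32 router dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.57 DE:AD:BE:EF:00:01 android-7f
Jan 13 02:17:09 router dnsmasq-dhcp[812]: DHCPACK(br0) 192.168.1.58 00:1b:63:99:88:77
"""

ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?DHCPACK\([^)]+\)\s"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?:\s(?P<host>\S+))?\s*$"
)

def unknown_leases(log_text, known_macs):
    """Return one record per MAC that was granted a lease but is not in the inventory."""
    known = {m.lower() for m in known_macs}
    found = {}
    for line in log_text.splitlines():
        m = ACK.match(line)
        if not m:
            continue  # only DHCPACK means a lease was actually handed out
        mac = m["mac"].lower()  # logs and inventories disagree on case
        if mac in known:
            continue
        rec = found.setdefault(mac, {
            "mac": mac, "first_seen": m["ts"], "count": 0, "ips": set(), "hosts": set(),
            # Locally administered bit set: self-assigned (often randomized) address
            "self_assigned": bool(int(mac[:2], 16) & 0x02),
        })
        rec["count"] += 1
        rec["last_seen"] = m["ts"]
        rec["ips"].add(m["ip"])
        if m["host"]:
            rec["hosts"].add(m["host"])
    return list(found.values())

if __name__ == "__main__":
    for r in unknown_leases(SAMPLE_LOG, KNOWN_MACS):
        print(r["mac"], r["first_seen"], "->", r["last_seen"], r["count"],
              sorted(r["ips"]), sorted(r["hosts"]), "self-assigned" if r["self_assigned"] else "")
```

A client can change its MAC address, so treat the output as a prompt for investigation rather than proof of who connected.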