Making wireless LAN a secure place requires an approach somewhat different from those used for wired LANs. This is especially important if you run a business and prepare to deploy a wireless LAN facility. Unless you take measures to prevent eavesdropping intercepting raw packets to analyze them and obtain all the information about traffic structure and, in the worst possible case, intercept passwords and other confidential data.
Wireless LAN security depends on layers and thus can't be reduced to certain strict rules. The main idea is to eliminate non-encrypted traffic entirely and be in full control of all the connections being established.
Certain pieces of advice include:
* Use WPA encryption: Encryption is the only means to render all sniffing (eavesdropping) useless. WEP encryption is not that hard to crack; thus you should make use of more reliable WPA. Please keep in mind that most secure WPA Enterprise version a RADIUS server is required.
* Enable MAC address filtering. It is essential to limit what devices are allowed to connect; whitelisting is the best approach. Even though the MAC address may be spoofed in certain cases, this level of protection won't harm.
* Reduce outside coverage. Do not allow to connect from the territories well outside of your facility, even if that's parking lot in your building.
* Disable SSID broadcast. It won't keep the professional hacker off, but since the hidden network names can't be picked up easily, that will grant a bit more protection, as well.
Think of wireless security as of multi-layered armor: the more layers you provide, the stronger is the overall security.
Wireless LAN security depends on layers and thus can't be reduced to certain strict rules. The main idea is to eliminate non-encrypted traffic entirely and be in full control of all the connections being established.
Certain pieces of advice include:
* Use WPA encryption: Encryption is the only means to render all sniffing (eavesdropping) useless. WEP encryption is not that hard to crack; thus you should make use of more reliable WPA. Please keep in mind that most secure WPA Enterprise version a RADIUS server is required.
* Enable MAC address filtering. It is essential to limit what devices are allowed to connect; whitelisting is the best approach. Even though the MAC address may be spoofed in certain cases, this level of protection won't harm.
* Reduce outside coverage. Do not allow to connect from the territories well outside of your facility, even if that's parking lot in your building.
* Disable SSID broadcast. It won't keep the professional hacker off, but since the hidden network names can't be picked up easily, that will grant a bit more protection, as well.
Think of wireless security as of multi-layered armor: the more layers you provide, the stronger is the overall security.
