|
| |
Home wireless security (WEP, WAP) setup in
Crawley Sussex & Surrey |
We will deliver & commission this
equipment in your home, all our engineers carry identity badges.
|
CALL OUT
|
£20.00 |
|
LABOUR |
£40.00 |
|
WORKSHOP |
£20.00 |
|
PER HALF HOUR ALL
PRICES INCLUDE VAT |
|
Accessories
PC Sales
Monitors
Media
Mice
& keyboard
cables
network
The towns in
which we will repair/ upgrade pc / computer equipment
ARUNDEL
BILLINGSHURST
BURGESS HILL
CATERHAM
CRAWLEY
CHARLWOOD
COPTHORNE
COWFOLD
CRANLEIGH
DORKING
EAST
GRINSTEAD
EDENBRIDGE
EWELL
EPSOM
FOREST ROW
GODSTONE
HAYWARDS
HEATH
HORLEY
HORSHAM
LEATHERHEAD
LINGFIELD
OXTED
PARTRIDGE
GREEN
REDHILL
REIGATE
SALFORDS
SOUTHWATER
WESTERHAM
|
Wireless networking is easy
to set up, and it's
convenient, especially if
you like to move around the
house or office without your
portable computer while
staying connected. But
because they use the
airwaves, wireless
communications are more
vulnerable to interception
and attack than a wired
connection. Here are some
tips for securing your
wireless network.
1.
Use encryption
Encryption is the number one
security measure, but many
wireless access points (WAPs)
don't have encryption
enabled by default. Although
most WAPs support the Wired
Equivalent Privacy (WEP)
protocol, it's not enabled
by default. WEP has a number
of security flaws, and a
knowledgeable hacker can
crack it, but it's better
than no encryption at all.
Be sure to set the WEP
authentication method for
"shared key" rather than
"open system". The latter
does not encrypt the data;
it only authenticates the
client. Change the WEP key
frequently and use 128-bit
WEP rather than 40-bit.
2.
Use strong encryption
Because of WEP's weaknesses,
you should use the Wi-Fi
Protected Access (WPA)
protocol instead of WEP if
possible. To use WPA, your
WAP must support it (you may
be able to add support to an
older WAP with a firmware
upgrade); your wireless
network access cards (NICs)
must support it (again, a
firmware update may be
necessary); and your
wireless client software
must support it. Windows XP
Service Pack 2 installs the
WPA client. SP1 machines can
be updated to support WPA by
installing the Windows WPA
client with the Wireless
Update Rollup Package
3. Change
the default
administrative
password
Most
manufacturers
use the same
default
administrative
password for
all their
wireless
access
points (or
at least,
all those of
a particular
model).
Those
default
passwords
are common
knowledge
among
hackers, who
can use them
to change
your WAP
settings.
The first
thing you
should do
when you set
up a WAP is
change the
default
password to
a strong
password
(eight
characters
or more in
length,
using a
combination
of alpha and
numeric
characters,
not using
words that
are in the
dictionary).
4. Turn off SSID broadcasting
The Service Set Identifier (SSID) is the name of your wireless network. By default, most WAPs broadcast the SSID. This makes it easy for users to find the network, as it shows up on their list of available networks on their wireless client computers. If you turn off broadcasting, users will have to know the SSID to connect. Some folks will tell you that turning off SSID broadcasting is useless because a hacker can use packet sniffing software to capture the SSID even if broadcasting is turned off. That's true, but why make it easier for them? That's like saying burglars can buy lockpicks, so locking the door is useless. Turning off broadcasting won't deter a serious hacker, but it will protect from the casual "piggybacker" (for example, a next door neighbor who notices the new network and decides to try connecting "just for fun").
5. Turn off the WAP when not in use
This one may seem simplistic, but few companies or individuals do it. If you have wireless users connecting only at certain times, there's no reason to run the wireless network all the time and provide an opportunity for intruders. You can turn off the access point when it's not in use — such as at night when everyone goes home and there is no need for anyone to connect wirelessly.
6. Change the default SSID
Manufacturers provide a default SSID, often the equipment name (such as Linksys). The purpose of turning off SSID broadcasting was to prevent others from knowing the network name, but if you use the default name, it's not too difficult to guess. As mentioned, hackers can use tools to sniff the SSID, so don't change the name to something that gives them information about you or your company (such as the company name or your physical address).
7. Use MAC filtering
Most WAPs (although not some of the cheapest ones) will allow you to use media access control (MAC) address filtering. This means you can set up a "white list" of computers that are allowed to connect to your wireless network, based on the MAC or physical addresses assigned to their network cards. Communications from MAC addresses that aren't on the list will be refused.
The method isn't foolproof, since it's possible for hackers to capture packets transmitted over the wireless network and determine a valid MAC address of one of your users and then spoof the address. But it does make things more difficult for a would-be intruder, and that's what security is really all about.
8. Isolate the wireless network from the rest of the LAN
To protect your wired internal network from threats coming over the wireless network, create a wireless DMZ or perimeter network that's isolated from the LAN. That means placing a firewall between the wireless network and the LAN. Then you can require that in order for any wireless client to access resources on the internal network, he or she will have to authenticate with a remote access server and/or use a VPN. This provides an extra layer of protection.
9. Control the wireless signal
The typical 802.11b WAP transmits up to about 300 feet. However, this range can be extended by a more sensitive antenna. By attaching a high gain external antenna to your WAP, you can get a longer reach but this may expose you to war drivers and others outside your building. A directional antenna will transmit the signal in a particular direction, instead of in a circle like the omnidirectional antenna that usually comes built into the WAP. Thus, through antenna selection you can control both the signal range and its direction to help protect from outsiders. In addition, some WAPs allow you to adjust signal strength and direction via their settings.
10. Transmit on a different frequency
One way to "hide" from hackers who use the more common 802.11b/g wireless technology is to go with 802.11a instead. Since it operates on a different frequency (the 5 GHz range, as opposed to the 2.4 GHz range in which b/g operate), NICs made for the more common wireless technologies won't pick up its signals. Sure, this is a type of "security through obscurity" — but it's perfectly valid when used in conjunction with other security measures. After all, security through obscurity is exactly what we advocate when we tell people not to let others know their social security numbers and other identification information.
A drawback of 802.11a, and one of the reasons it's less popular than b/g, is that the range is shorter: about half the distance of b/g. It also has difficulty penetrating walls and obstacles. From a security standpoint, this "disadvantage" is actually an advantage, as it makes it more difficult for an outsider to intercept the signal even with equipment designed for the technology.
|
|
| |
|