Six basic steps to secure a WLAN

The article mentions 6 steps to follow to gain a basic but very effective security in any wireless network, WLAN.

The purpose of properly securing an access point is cut off from the outside to move our network to people who do not have permission to enter.

A wireless network is inherently more difficult to secure than a conventional network among other things because the medium is the air, as well as on a LAN network outlets we have identified and controlled, in principle, in a WLAN can be accessed from anywhere allowing the antenna.

Despite this, you can always establish a set of basic but effective measures not in 100% of the cases but were prevented access to the vast majority of the intruders. To establish this basic level of security we can make the following 6 steps.

1. Antenna placement

The first step to close the unauthorized access to our access point is to place the antenna in this way that restricts the scope of the antenna to our work area. Never have to put an antenna near a window because the glass does not block the signal. An ideal scheme would place the antenna at the center of the area, leaving only a slight signal leakage through the walls or windows of the office or workplace. If it is impossible to control this factor can still take other additional security measures.

2. Using WEP

Wired Equivalent Privacy (WEP) encryption standard is used to encrypt traffic over a wireless network. Despite not being a very powerful encryption, is enough to stop for a casual intruders we may have on our network.

Most vendors of wireless access points incorporate this protocol encryption disabled by default to allow for easier installation. That the only thing that is achieved in reality is impoverishing the security of our WLAN as data circulating on the Wirel can be read directly with a WLAN Sniffer.

3. Change the SSID and disable its Broadcast

The Service Set Identifier (SSID) is the string of identification used by customers of an access point to be able to initiate a connection. This identifier is predefined by the manufacturer and each comes with a chain by default, such as 3Com come with 101.

The intruders know that these channels can be accessed by default with relative ease to a WLAN and make use of it, so hopefully headaches.

For each access point must be chosen to install a complicated SSID and whether it is possible to delete the shipment by Broadcast this id through our antenna.

4. Disable the DHCP service

At first it may seem strange but in a WLAN is more important than it seems. By this step, a intruder can decrypt our IP address, subnet mask, and other parameters TCP / IP with relevant and which could gain access to our WLAN.

5. Disable or modify settings SNMP

If your access point supports SNMP must either disable or change the channel as the public (Public and Private Community String).

An attacker could easily obtain relevant information on our network through this service.

6. Use access control lists

For more effective control of our network is an interesting use of ACL or access control lists. This is an option that not all of the access point by offering what we kept in mind when buying the access point.

When incorporating this service usually used by the TFTP protocol to periodically download updates to these lists to facilitate administrative tasks and not have to configure the ACL in each access point.

Popularity: 1% [?]