Ten Tips for Better Wireless Network (WLAN) Security in your Business

February 2nd, 2010 | Security Articles & Tips

Having a safe and secure wireless network (WLAN) is essential to the success of your business. Here are 10 tips for a better WLAN security in your business:

1. Change the default SSID (Service Set Identifier) of your wireless access points or routers. Use a significant naming convention, but DON’T use things like your address, business name, or other identifiers which would help external threats locate you.

2. Disable your router access points “broadcast SSID” setting. Using broadcast SSID means that it will accept any SSID. By disabling that feature, the SSID configured in the client must match the SSID of the access point.

3. Change the default usernames and passwords on your access point and routers. This may seem like common sense, but it’s the first thing a hacker will try when attempting to gain access to your network. Use strong passwords, and good password management techniques.

4. Locate access points and routers, as well as external antennas to locations where the service is going to be used (like away from windows or common use areas shared by the public). Radio Frequency transmissions behave in a sometimes peculiar fashion, and by locating them strategically, not only will you get better signal strength and data rates, but you may also be inhibiting or at least limiting the potential for undesirable wireless connections.

5. Use WEP (Wireless Encryption Protocol). Sure WEP has some known security problems, but newer generation equipment supports 128 bit or even 256 bit encryption which is much stronger than the old 40 bit or 64 bit equipment. And at least it serves as another hurdle for your would be intruder to have to overcome in order to gain access to your network.

6. If you are using this WLAN on your private network, consider running it through an internal firewall. This will permit you to filter ports, MAC addresses, and use newer tools like stateful inspection and packet filtering which can reduce potential threats.

7. Try to hack your own WLAN. There are a number of commercial and free security scanning tools just for this purpose, which you can use to help harden your network against the REAL attackers.

8. Consider using an additional level of authentication, such as RADIUS, before you permit an association with your access points. While it’s not part of the 802.11b standard, many manufacturers are including some provision for RADIUS authentication in their equipment, and some even include a built-in RADIUS server. An alternative would be to use the access points to route through your corporate DMZ and use VPN access into your network. This configuration is by far the most secure, but also requires the most setup and administration overhead.

9. Many access points and routers permit you to control access based on the MAC address of the network card trying to associate with it. If the MAC address of your NIC isn’t in the table of the access point, you can’t associate with it. This isn’t completely foolproof, as there are methods of spoofing MAC addresses, and maintaining MAC address tables across multiple routers and access points can be time consuming unless you purchase high end hardware that can do this automatically.

10. Only purchase high end hardware from a reliable vendor that understands the business and security implications. The hardware should support flash firmware, and the company should regularly provide firmware updates to fix bugs, enhance security features, and add new capabilities as the market changes.