Surprisingly, most wireless networks in use today would not meet the
most basic security requirements. The following measures should be
considered the bare minimum requirements.
-
Implement WPA (if
possible) - This interim security standard affords
much tighter security than the original 802.11 security
specifications. If all your hardware supports it, use
it. This standard is nowhere near universal with all the
legacy hardware out there now, however.
-
Turn off SSID
broadcasts - It's the equivalent of using a blinking
neon sign to advertise the presence of a wireless
network.
-
Change the Default SSID
- Factory default SSID's are well known.
-
Change the Default
Password - Sounds crazy, but many don't do this.
Strong passwords should be used. Passwords should be
changed on a regular basis.
-
Turn Off Remote
Management - You don't want just anyone from the
internet to be able to play with your router, do you?
The intruder wouldn't even need to be physically
proximate.
-
Enable the Highest WEP
Level Possible - Most wireless hardware sold today
can handle at least 128-bit encryption.
-
Disable DHCP - Your
wireless router can quite possibly welcome a rogue
computer with open arms if DHCP is enabled.
-
Implement MAC Address
Filtering - Make sure that only your network devices
are on the network.
-
Change the Default
Subnet - Factory default subnets, like factory
default SSID's are well known.
Did you get all that, and implement it on
your network? If so, you don't
need our wireless security service.
If this is all Greek to you, then you
could probably benefit from a security audit. Manufacturers of wireless
networking equipment purposely ship their hardware in a more relaxed
security state, so that they are not inundated with questions from
confused and/or angry customers.
Not all consumer level wireless hardware
can handle every one of these security measures. DCNS will make sure that
the strongest level of security attainable with your hardware is
implemented. These measures will keep out all but the most determined
intruder. Someone can still get in with these measures in place, but the
time involved makes the attempt much more difficult and time consuming. It
would be much easier for the intruder to simply
move on to lower hanging fruit.
That said, there is still more that can
be done. Consider these base measures as deadbolt level security. It's
still possible to get in, but only the most determined individuals will
bother. See stronger measures if you require
even greater security.
|
