Wireless networks require the same security measures as conventional networks, and then some.
When you leave your home or corporate network and connect to an open wireless network, your expectation of privacy and security should drop dramatically. There is no such thing as a trusted open network. Someone could be listening and manipulating the information you see and send to others. If you have to log on to a site from an open wireless connection, make sure you use an encrypted connection.
1) Don't breach your own firewall
Your wired network is firewalled. Make sure you don't place your wireless system's access points outside the firewall.
2) Don't forget Media Access Control
Media Access Control (MAC) address filtering is often ignored because it's not spoof-proof. Still, it is another barrier: an address filter. If you are auditing or logging, you will catch the intrusion attempt.
3) Don't forget WEP
Wired Equivalent Privacy (WEP) is a protocol specific to wireless security, conforming to the 802.11b standard. It encrypts data as it goes wireless, over and above anything else you're using. Use it. Don't stay with the default key. Yet don't rely on WEP alone.
4) Don't allow unauthorized access points
Access points are incredibly easy to set up; anyone smart enough to run a VCR can do it. The access point is a primary target for an intruder. Implement a deployment strategy and procedure, and stick to it. You must carefully outline the correct guidelines for the AP in your wireless network configuration. Have another person double-check the installation.
5) Don't permit ad-hoc laptop communication
This is a tough one to enforce. Ad-hoc mode lets Wi-Fi clients link directly to another nearby laptop. As part of the 802.11 standard, ad hoc mode permits your laptop's network interface card to go peer-to-peer with another laptop via RF. When you're in ad hoc mode, you can spontaneously form a wireless LAN with other laptops. It permits access to your entire hard drive. It can also become a bridge to your local wired network if your Ethernet cable is connected.
6) Rogue hot spot, an "evil twin"
Airpwn (sourceforge.net/projects/airpwn) is a tool for generic packet injection on an 802.11 network.
If a public hot spot advertises itself using a specific SSID, anyone, including a hacker, can set up another 802.11 access point using the same SSID. If the signal is stronger, and even if it's not, a typical user could easily end up connecting via the wrong wireless access point, if the user even gets to select the access point at all.
The rogue hot spot is dubbed an "evil twin" of the legitimate wireless access point.
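A defensive check for items 4 and 6, as an added example that is not part of the original page: it compares wireless scan observations against an approved access-point inventory and flags radios that advertise a managed SSID without being listed. The inventory, SSIDs, BSSIDs and scan rows are constructed sample data, and the multiple-channel rule is a heuristic assumption.

```python
from collections import defaultdict

# Approved AP inventory (constructed sample): SSID -> expected security and BSSIDs.
INVENTORY = {
    "CorpNet": {"security": "WPA2-Enterprise",
                "bssids": {"00:11:22:33:44:01", "00:11:22:33:44:02"}},
}

# Constructed scan observations: (ssid, bssid, channel, security).
SCAN = [
    ("CorpNet", "00:11:22:33:44:01", 1, "WPA2-Enterprise"),   # listed AP
    ("CorpNet", "00:11:22:33:44:02", 6, "WPA2-Enterprise"),   # listed AP
    ("CorpNet", "DE:AD:BE:EF:00:01", 6, "Open"),              # same SSID, unlisted radio
    ("CorpNet", "00:11:22:33:44:01", 11, "WPA2-Enterprise"),  # listed BSSID, second channel
    ("CoffeeShop", "AA:BB:CC:00:00:01", 3, "Open"),           # not our SSID, ignored
]

def find_suspect_aps(scan, inventory):
    """Return sorted (bssid, channel, reason) findings for SSIDs we manage."""
    findings = set()
    channels = defaultdict(set)  # listed BSSID -> channels it was seen on
    for ssid, bssid, channel, security in scan:
        entry = inventory.get(ssid)
        if entry is None:
            continue  # SSID is not one we operate
        bssid = bssid.lower()
        approved = {b.lower() for b in entry["bssids"]}
        if bssid not in approved:
            # Evil-twin or unauthorized-AP candidate: our SSID, unknown radio.
            findings.add((bssid, channel, "unlisted BSSID for managed SSID"))
            continue
        if security != entry["security"]:
            findings.add((bssid, channel, "security differs from inventory"))
        channels[bssid].add(channel)
    # A BSSID is as spoofable as any MAC address, so a listed BSSID heard on
    # several channels in one scan is reported as a possible clone (heuristic).
    for bssid, chans in channels.items():
        if len(chans) > 1:
            for ch in chans:
                findings.add((bssid, ch, "listed BSSID seen on multiple channels"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_suspect_aps(SCAN, INVENTORY):
        print(finding)
```

Both channels are reported for a duplicated BSSID because the scan alone cannot tell which radio is the legitimate one.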