Wireless Network Question

halflife78halflife78 Member Posts: 122
in Off-Topic
Quick question as I am not too strong in wireless. I have a wireless network I setup myself at work, it has 1 SMC wireless router and 2 SMC Access Points. I currently have it setup to where it will only let anyone connect to the network if I have the MAC address of the wireless NIC setup in DHCP. Only a few people ever use it and I figured this was the most secure way to set it up to keep anyone from just hopping onto it. This is pretty much the most secure way of setting it up right or did I miss anything?
· Share on FacebookShare on Twitter

Comments

  • janmikejanmike Member Posts: 3,076
    I'm like you, weak on the wireless systems. However, in a recent meeting of our IT dept these matters were discussed. From this and my Net+ & Server+ studies and our practices as work, I remember and surmise the 2 following points,

    1) The weakest security area is in the area of in-house users. There is far more danger from this than from being hacked through a security system -- keep the number of users as low as possible!

    2) Piggybackers are everywhere. You'll always have people wanting to ride your wireless system and eat up you precious bandwidth. We have people come in and ask if they can jump on! Well, guess that's better than wholesale piracy.

    Now, with these 2 things in mind, you're probably as safe as you're going to get.

    This may be too superficial, but hope it helps.
    "It doesn't matter, it's in the past!"--Rafiki
    · Share on FacebookShare on Twitter
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    I'm working on Wireless Network Security TechNotes for the Security+ which should be online in a couple of days, here's an excerpt:
    The following tasks are examples of minimal security measures that should be taken in most 802.11 based wireless networks:
    - Change the default SSID in access points to something that does not reflect anything obvious such as the organization’s, building's or street's name.
    - Disable broadcasts from access points, forcing the client SSID to match the AP's SSID.
    - Configure strong administrative passwords, and if possible, turn off remote administration features.
    - Implement a firewall between the wireless and the wired network.
    - Enable WEP (Wired Equivalent Privacy). Although it doesn't provide very strong security, it should be enabled nevertheless.

    When it is appropriate, you could place external boundary protection around the perimeter of the office/building.

    I hope this helps!
    LinkedIn - FaceBook
    · Share on FacebookShare on Twitter
  • WebmasterWebmaster Admin Posts: 10,292 Admin
    Still working on the notes... it's going to be, and take, a bit longer than planned... as usual ;)

    But there's an important issue I came across, which should be added to the list above.
    I currently have it setup to where it will only let anyone connect to the network if I have the MAC address of the wireless NIC setup in DHCP.
    This is not secure, because a MAC address can be easily spoofed. Sure, they have to 'guess' a valid MAC address, but if they would find out who the manufacturer of your NICs is, they 'only' have to guess 6 hex characters. icon_wink.gif
    If you don't use Shared Key authentication but Open System authentication the clients broadcast their MAC address by default to identify themselves.
    LinkedIn - FaceBook
    · Share on FacebookShare on Twitter
Sign In or Register to comment.