Wireless Network Question

Quick question as I am not too strong in wireless. I have a wireless network I setup myself at work, it has 1 SMC wireless router and 2 SMC Access Points. I currently have it setup to where it will only let anyone connect to the network if I have the MAC address of the wireless NIC setup in DHCP. Only a few people ever use it and I figured this was the most secure way to set it up to keep anyone from just hopping onto it. This is pretty much the most secure way of setting it up right or did I miss anything?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

janmike

I'm like you, weak on the wireless systems. However, in a recent meeting of our IT dept these matters were discussed. From this and my Net+ & Server+ studies and our practices as work, I remember and surmise the 2 following points,

1) The weakest security area is in the area of in-house users. There is far more danger from this than from being hacked through a security system -- keep the number of users as low as possible!

2) Piggybackers are everywhere. You'll always have people wanting to ride your wireless system and eat up you precious bandwidth. We have people come in and ask if they can jump on! Well, guess that's better than wholesale piracy.

Now, with these 2 things in mind, you're probably as safe as you're going to get.

This may be too superficial, but hope it helps.

Webmaster

I'm working on Wireless Network Security TechNotes for the Security+ which should be online in a couple of days, here's an excerpt:

The following tasks are examples of minimal security measures that should be taken in most 802.11 based wireless networks:
- Change the default SSID in access points to something that does not reflect anything obvious such as the organization’s, building's or street's name.
- Disable broadcasts from access points, forcing the client SSID to match the AP's SSID.
- Configure strong administrative passwords, and if possible, turn off remote administration features.
- Implement a firewall between the wireless and the wired network.
- Enable WEP (Wired Equivalent Privacy). Although it doesn't provide very strong security, it should be enabled nevertheless.

When it is appropriate, you could place external boundary protection around the perimeter of the office/building.

I hope this helps!

Webmaster

Still working on the notes... it's going to be, and take, a bit longer than planned... as usual

But there's an important issue I came across, which should be added to the list above.

I currently have it setup to where it will only let anyone connect to the network if I have the MAC address of the wireless NIC setup in DHCP.

This is not secure, because a MAC address can be easily spoofed. Sure, they have to 'guess' a valid MAC address, but if they would find out who the manufacturer of your NICs is, they 'only' have to guess 6 hex characters.

If you don't use Shared Key authentication but Open System authentication the clients broadcast their MAC address by default to identify themselves.