Securing a Wireless Lan


Controlling Access to the Wireless LAN
The concept of depth means having multiple solutions available. It is like having a security system in your house, but still locking all the doors and windows and asking the neighbors to watch it for you. The security methods you have seen, especially WPA2, are like having a security system. If you want to do something extra to secure access to your WLAN, you can add depth, as shown in the figure, by implementing this three-step approach:
SSID cloaking - Disable SSID broadcasts from access points
MAC address filtering - Tables are manually constructed on the access point to allow or disallow clients based on their physical hardware address
WLAN security implementation - WPA or WPA2
An additional consideration for a vigilant network administrator is to configure access points that are near outside walls of buildings to transmit on a lower power setting than other access points closer to the middle of the building. This is to merely reduce the RF signature on the outside of the building where anyone running an application such as Netstumbler (http://www.netstumbler.com), Wireshark, or even Windows XP, can map WLANs.
Neither SSID cloaking nor MAC address filtering are considered a valid means of securing a WLAN for the following reasons:
MAC addresses are easily spoofed.
SSIDs are easily discovered even if access points do not broadcast them.

0 comments:

Post a Comment

 

NBA Live Streaming. Copyright 2008 All Rights Reserved Revolution Two Church theme by Brian Gardner Converted into Blogger Template by Bloganol dot com | Distributed by Blogger Templates Blog