Seven steps to secure WiFi

Securing a WiFi Network

1: Disable SSID broadcasting.

2: Configure your SSID so as not to divulge any clues as to the identity of the WLAN’s owner. For example, if your company is called Ultra Foods, don’t set up an SSID of UltraFoods but instead use something like WLAN1.

3: Make sure that you’ve changed all the default passwords on your WAP.

4: Log onto the Web site of your WAP’s manufacturer and download the latest software (known as firmware) for the device.

5: Ensure that you use WPA rather than WEP encryption. Set it to the highest strength available on your WAP (usually 128-bit) and use a strong encryption key (password).

6: Allow connections only from your computers with specific MAC addresses. Although MAC address filtering is highly recommended as yet another tool in your arsenal of wireless LAN security techniques, many computers allow the user to configure their own MAC address and set it to any value that they choose (so-called MAC address spoofing) so the technique isn’t 100% secure. It is still very much worth deploying, however.

7: Advanced WAPs or base stations have a logging facility. Enable all logging options and check the log files regularly to see who’s been using your WLAN. Investigate any possible abuses.
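
An added example (not part of the original article) that ties steps 6 and 7 together: a Python script that reads WAP log lines and reports stations that associated without being on your MAC allow list. The hostapd-style log format, the sample lines and the allow list are constructed assumptions; adjust the regular expression to whatever your device writes.

```python
import re
from collections import Counter

# Assumption: hostapd-style syslog lines. \b keeps "disassociated" from matching.
ASSOC_RE = re.compile(r"STA ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) .*\bassociated\b")

def normalize(mac):
    """Lower-case and use ':' so allow-list entries compare equal to log entries."""
    return mac.lower().replace("-", ":")

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set, i.e. the address was
    assigned in software rather than by the manufacturer."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(lines, allowed):
    """Return (unknown, known). unknown is a sorted list of
    (mac, association_count, locally_administered) for stations not on the
    allow list; known maps allowed MACs to their association counts."""
    allowed = {normalize(m) for m in allowed}
    seen = Counter()
    for line in lines:
        match = ASSOC_RE.search(line)
        if match:
            seen[normalize(match.group(1))] += 1
    unknown = [(mac, n, is_locally_administered(mac))
               for mac, n in sorted(seen.items()) if mac not in allowed]
    # A MAC on the allow list is not proof of identity (see step 6), so the
    # counts for allowed stations are returned for review as well.
    known = {mac: n for mac, n in seen.items() if mac in allowed}
    return unknown, known

# Constructed sample data, not taken from a real device.
SAMPLE_LOG = """\
Mar  3 02:14:07 wap hostapd: wlan0: STA 3e:91:0c:aa:10:f2 IEEE 802.11: associated (aid 2)
Mar  3 02:30:41 wap hostapd: wlan0: STA 3e:91:0c:aa:10:f2 IEEE 802.11: associated (aid 2)
Mar  3 08:01:12 wap hostapd: wlan0: STA 00:1a:2b:3c:4d:5e IEEE 802.11: associated (aid 1)
Mar  3 08:40:55 wap hostapd: wlan0: STA 00:1a:2b:3c:4d:5e IEEE 802.11: disassociated
Mar  3 09:05:00 wap hostapd: wlan0: STA 00:25:9c:11:22:33 IEEE 802.11: associated (aid 3)
""".splitlines()
ALLOWED = ["00-1A-2B-3C-4D-5E"]

if __name__ == "__main__":
    unknown, known = audit(SAMPLE_LOG, ALLOWED)
    for mac, count, local in unknown:
        note = " (software-assigned address)" if local else ""
        print(f"NOT ON ALLOW LIST: {mac} associated {count} time(s){note}")
    for mac, count in known.items():
        print(f"allowed: {mac} associated {count} time(s)")
```

Any station reported as not on the allow list means the MAC filter from step 6 is missing or not being enforced, and is worth investigating as step 7 describes.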

WiFi Glossary

BSSID : Basic Service Set IDentifier.

decibel : A decibel is a logarithmic measure of something compared with a defined reference point. An increase of 10 dB corresponds to the value being multiplied by 10. A decrease of 10 dB corresponds to the value being divided by 10.

dBi : dBi is a decibel unit that measures antenna gain. The gain is measured relative to an isotropic antenna, a theoretical antenna that radiates or receives equally in all directions. In reality no antenna is isotropic.

dBm : dBm is a decibel unit that measures power. 0 dBm is equivalent to 1 milliwatt. 30 dBm is equivalent to 1 watt.

ESS : Extended Service Set. A wireless LAN configuration that uses access points to connect devices together. Typically the access points are connected together via a traditional wired LAN.

IBSS : An Independent Basic Service Set, also known as “ad hoc network” or “peer to peer network”.

Monitor Mode : A mode of operation of a wireless NIC that allows it to receive all traffic on a given channel, regardless of the BSSID of the networks it sees.

NIC : Network Interface Card

Noise level : The strength of interference or other unintended background signals that are being received. Usually measured in dBm.

Promiscuous Mode : A mode of operation of a NIC that allows it to receive all traffic on the network, regardless of the intended destination. In a wireless setting, this is all traffic with the currently associated BSSID.

RSSI : Received Signal Strength Indication. A measurement of the strength (not necessarily quality) of the received signal, in arbitrary units. RSSI often appears on a scale from 0 to 100.

Signal to Noise Ratio (SNR) : The ratio (signal strength / noise level) which measures signal quality. Usually measured in dB. Because decibels are logarithmic, the SNR in dB is the difference between Signal and Noise if they are both measured in the same dB units.

Signal strength : The strength of the signal being received. Usually measured in dBm.

Wardriving : The sport of detecting and/or locating wireless LANs. The ethics (and, in most places, the laws) of wardriving dictate that the wireless LANs thus found must not be used without the owner’s permission.

WEP : Wired Equivalent Privacy. A weak encryption scheme that is the standard on wireless networks. WEP has some well documented weaknesses that make it unsuitable for use with extremely sensitive data.

WPA : WiFi Protected Access. An encryption scheme that is stronger than WEP, but not as strong as AES.

