Wednesday, 07 December 2005
Interestingly enough, all of the rules that a paranoid IT person would
follow in building a computer network are blatantly violated at coffee
shops and small businesses across the US. DLink, LinkSys and Netgear
have made wireless so simple that free bandwidth is everywhere. In a
non-public setting, an open network would be a huge mistake. However,
at a coffee shop or bar, "wide open" has become the default.
Normal Security Tweaks
- Change your SSID / Turn off SSID Beacon PDUs
- Turn on MAC Address Access Control Lists
- Activate WEP
- Don't use DHCP or use DHCP only with authorized MAC addresses
- Use a Static ARP table
- Put your wireless access point outside your firewall
- Require personal firewall software on your wireless clients
To Broadcast, Or Not To Broadcast...
When securing a wireless network, some believe the SSID (the name of the device)
should not be broadcast. When you broadcast the SSID, you are essentially
inviting others to connect to your network. In a coffee shop setting, during
business hours, this is good. It means you don't have to tell customers how
to connect. In a non-public setting, or perhaps for the coffee shop that only
wants customers to use their connection, turning off SSID broadcast is a simple
way to limit who can easily see your network.
Turning off the SSID broadcast is not securing the network. Hackers are
able to intercept all wireless traffic and sort through packets (even
encrypted ones) to find your SSID, so don't think just because you don't
use the default that you're secure.
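To check what your own access point still discloses with the beacon SSID turned off, the following added example (not part of the original post) walks the tagged elements of 802.11 management frames, which WEP does not encrypt, and lists every SSID that appears in cleartext. The frames, the `build_frame` helper and the "CoffeeShop" name are constructed for illustration.

```python
# Management-frame subtype -> (name, bytes of fixed fields before the tagged elements)
SUBTYPES = {0: ("association request", 4), 4: ("probe request", 0),
            5: ("probe response", 12), 8: ("beacon", 12)}
MAC_HEADER_LEN = 24   # frame control, duration, three addresses, sequence control
SSID_ELEMENT_ID = 0


def extract_ssid(frame: bytes):
    """Return (frame_kind, ssid) for a management frame, ssid None if hidden or absent.
    Returns None for frames that are not one of the subtypes above."""
    if len(frame) < MAC_HEADER_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    kind, fixed_len = SUBTYPES[subtype]
    pos = MAC_HEADER_LEN + fixed_len
    while pos + 2 <= len(frame):              # walk id/length/value elements
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:                 # truncated element: stop parsing
            break
        if eid == SSID_ELEMENT_ID:
            hidden = elen == 0 or not any(value)   # empty or all-NUL SSID
            return kind, None if hidden else value.decode("utf-8", "replace")
        pos += 2 + elen
    return kind, None


def disclosed_ssids(frames):
    """Map each SSID seen in cleartext to the frame kinds that carried it."""
    found = {}
    for frame in frames:
        result = extract_ssid(frame)
        if result and result[1]:
            found.setdefault(result[1], set()).add(result[0])
    return found


def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Constructed test frame: zeroed addresses and fixed fields, SSID + rates elements."""
    header = bytes([subtype << 4, 0]) + bytes(MAC_HEADER_LEN - 2)
    return header + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])


# Constructed capture: beacon with broadcast disabled, then one client joining.
SAMPLE = [build_frame(8, b""), build_frame(4, b"CoffeeShop"),
          build_frame(5, b"CoffeeShop"), build_frame(0, b"CoffeeShop")]

if __name__ == "__main__":
    print(extract_ssid(SAMPLE[0]))
    print(disclosed_ssids(SAMPLE))
```

The beacon reports no name, but the same name appears three times as soon as one legitimate client connects.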
If you did everything in the above list at a corporate level, people might
think you've done well. Pull this at Holiday Inn or Portofino's, and you're
fired!