(2007-12-21) Quick Wireless LAN Security Checklist
Posted by Jorge on 2007-12-21
I was browsing through some presentations about all kinds of security and found a link to the following…
This checklist is copied from WarDrive.NET….
Quick Wireless LAN Security
Checklist from Wardrive.net (***)
Things you can do to secure your wireless network.
- Change the default Admin password on your Access Point (this includes the webinterface).
- Check if the firmware for your Wireless Access Point and drivers for your Wireless Adapter(s) are up to date. Update if necessary. Keep checking for new releases in the future.
- Use the highest level of WEP/WPA (WPA2/802.11i strongly preferred) — Use decent keys.
- Authenticate wireless users with protocols like 802.1X, RADIUS, EAP (including EAP-PAX, EAP-PSK, EAP-TLS, EAP-FAST, EAP-POTP, EAP-TTLS, PEAP, and EAP-SIM). These protocols support authentication credentials that include digital certificates, usernames and passwords, secure tokens, and SIM secrets.
- Use strong encryption for all (userland) applications you use over the wireless network, e.g., use SSH and TLS/HTTPS.
- Encrypt wireless traffic using a VPN (Virtual Private Network), e.g. using IPSEC or other VPN solutions.
- Use WLAN Security Tools for securing the wireless network. This software is specifically designed for securing 802.11 wireless networks.
- Create a dedicated segment for your Wireless Network, and take additional steps to restrict access to this segment.
- Use a proxy with access control for outgoing requests (web proxy, and others).
- Regularly TEST the security of your wireless network, using the latest Wardriving Tools (the same tools the attacker will use). Don’t use these tools on other networks, and always check local laws and regulations before using any wardriving tools.
- Enable strict (sys)logging on all devices, and check your (wireless) log files regularly to see if your security policy is still adequate.
- (only provides very little security) – Enable MAC address filtering on your Access Point. Note that MAC addresses can be changed easily by the attacker.
(***) Note carefully
The steps mentioned above are not in a particular order of importance. It’s not always necessary to implement all steps, pick whatever is reasonable for your situation.
Wireless LAN Security (and Network Security in general) is more than just following "simple steps". Be sure that you understand the risks while using wireless networking equipment in your home or office.
Basic and advanced information about Wireless Networking and Wireless Security can be found on this website.
Final note: "SSID Hiding" does not provide real security, as explained in this article from Joel Snyder (Apr 2005) and –in depth– in this whitepaper: Debunking the Myth of SSID Hiding from ICSA Labs (PDF, Dec 2003).
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER: https://jorgequestforknowledge.wordpress.com/disclaimer/
############### Jorge’s Quest For Knowledge #############
######### http://JorgeQuestForKnowledge.wordpress.com/ ########