Conclusion: Common Sense Access Controls
Maintaining control over your wireless systems in an effort to prevent unauthorized access while maintaining privacy is an attainable goal. Some of the most effective means of preventing unauthorized access are the easiest.
Because your WLAN is composed of both hardware and software, you can, at the very least, evaluate your setup and upgrade your access point configuration, updating your software and hardware firmware with the following key elements:
- Software patches
- Firmware upgrades
- Authentication routines
- Stronger encryption
- Intrusion detection systems
- Biometric access devices
- VPNs (to add another layer of encryption protection)
- Public-key infrastructure solutions
Configuration issues allow you to establish your security policy guidelines with respect to setting:
- Administrative passwords
- Encryption
- MAC screening (this only allows authorized network card access)
- Access control lists (restricting access to authorized users)
You should also remember always to change any default passwords for your routers and other wireless devices. Any default setting can become an extreme vulnerability that any hacker can exploit. There are even dedicated hacker Web sites that list every default password for all known wireless routers. If your router has any default access setting enabled, you can be sure that it is a simple matter for someone to figure out how to gain access just by knowing the model number and brand of your specific equipment.
Encryption settings should always be set at the highest possible values, preferably using a 128-bit level of encryption to make it that much harder for anyone to determine ways in which to eavesdrop on your WLAN. The most common way in which a hacker enters your WLAN is when you have an “open system” enabled, where anyone in range can access your system. An easy way of stopping unrestricted wireless network access is to use medium access control (MAC) and access control list (ACL) functionality that screens out the unique ID of all machines except for those authorized to use your network.
A basic but commonly overlooked security measure is to change the default SSID of your access point. Hackers can easily log into a system whose only means of protection is a unique SSID. This information is extremely easy to acquire and can enable someone to access your system by just knowing the value of your SSID.
If the manufacturer has enabled encryption on your access point, you should immediately change its cryptographic keys because, as indicated earlier in this chapter, any default value (including encryption keys) is easy to obtain and represents a significant vulnerability in the access barrier that prevents unauthorized users from accessing your WLAN. Most access points are preconfigured to use a specific wireless channel. This value must also be changed. In many cases, channel 6 is the least intrusive if you are running 2.4-GHz cordless telephones along with your 802.11b network. However, no matter what your default channel is set to, change it immediately so that you don’t give any advantage to a hacker.
Finally, you should refrain from using DHCP on your wireless network because if a hacker does breach your security barrier, your DHCP server won’t realize that a hacker (as opposed to an authorized user) just joined your network. The access point or wireless DHCP server will simply assign a DHCP address, making the hacker’s job that much easier. With a DHCP address automatically assigned to incoming mobile devices, you are inviting intruders. Make certain that you have predefined each mobile device IP address, so that at least you can track an IP address to a given user. This gives you greater control over your WLAN and lets you keep a log of all incoming traffic so that if a wireless device is compromised, you can more effectively track the breach.
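The static-addressing advice above only pays off if the assignments are actually checked. The following is an added example, not taken from the original text: it reconciles observed clients against a predefined inventory so each IP address can be traced to a user. The inventory, the one-pair-per-line input format, and all addresses and owner names are constructed for illustration.

```python
# Added example: reconcile observed wireless clients against a static
# inventory (MAC -> assigned IP, owner). All names and values are constructed.

INVENTORY = {
    "00:11:22:33:44:55": ("192.168.10.21", "alice-laptop"),
    "00:11:22:33:44:66": ("192.168.10.22", "bob-handheld"),
}

# Constructed observations, one "ip mac" pair per line (for example,
# exported from an access point association table or a gateway ARP cache).
OBSERVED = """\
192.168.10.21 00:11:22:33:44:55
192.168.10.22 00:11:22:33:44:66
192.168.10.23 00:AA:BB:CC:DD:EE
192.168.10.21 00:de:ad:be:ef:01
192.168.10.30 00:11:22:33:44:66
"""

def normalize_mac(mac):
    """Lower-case the MAC and use ':' separators so lookups are consistent."""
    return mac.strip().lower().replace("-", ":")

def reconcile(observed_text, inventory):
    """Return (kind, ip, mac, owner) findings for pairs that break the plan."""
    # Reverse index: which owner is each static IP reserved for?
    ip_owner = {ip: owner for _mac, (ip, owner) in inventory.items()}
    findings = []
    for line in observed_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        ip, mac = parts[0], normalize_mac(parts[1])
        if mac in inventory:
            want_ip, owner = inventory[mac]
            if ip != want_ip:
                # Known device using an address it was not assigned.
                findings.append(("wrong-ip", ip, mac, owner))
        elif ip in ip_owner:
            # Unlisted hardware sitting on an address reserved for a user.
            findings.append(("ip-conflict", ip, mac, ip_owner[ip]))
        else:
            # Neither the MAC nor the IP appears in the inventory.
            findings.append(("unknown-device", ip, mac, None))
    return findings

if __name__ == "__main__":
    for kind, ip, mac, owner in reconcile(OBSERVED, INVENTORY):
        print(f"{kind:15} {ip:15} {mac}  owner={owner}")
```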
By following these guidelines, creating an effective security policy, and remaining vigilant about knowing the configuration settings of your wireless network, you can effectively prevent unauthorized access attempts into your wireless network. You can maintain an effective level of privacy and protect your mission-critical data assets from hackers.