- Change the default Admin password on your Access Point (this includes the webinterface).
- Check if the firmware for your Wireless Access Point and drivers for your Wireless
- Adapter(s) are up to date. Update if necessary. Keep checking for new releases in the future.
- Use the highest level of WEP/WPA (WPA2/802.11i strongly preferred) -- Use decent keys.
- Authenticate wireless users with protocols like 802.1X, RADIUS, EAP (including EAP-PAX, EAP-PSK, EAP-TLS, EAP-FAST, EAP-POTP, EAP-TTLS, PEAP, and EAP-SIM). These protocols support authentication credentials that include digital certificates, usernames and passwords, secure tokens, and SIM secrets.
- Use strong encryption for all (userland) applications you use over the wireless network, e.g., use SSH and TLS/HTTPS.
- Encrypt wireless traffic using a VPN (Virtual Private Network), e.g. using IPSEC or other VPN solutions.
- Use WLAN Security Tools for securing the wireless network. This software is specifically designed for securing 802.11 wireless networks.
Create a dedicated segment for your Wireless Network, and take additional steps to restrict access to this segment. - Use a proxy with access control for outgoing requests (web proxy, and others).
Regularly TEST the security of your wireless network, using the latest Wardriving Tools (the same tools the attacker will use). Don't use these tools on other networks, and always check local laws and regulations before using any wardriving tools. - Enable strict (sys)logging on all devices, and check your (wireless) log files regularly to see if your security policy is still adequate.
(only provides very little security) - Enable MAC address filtering on your Access Point. - Note that MAC addresses can be changed easily by the attacker.
Fuente extraida de la Web Wireless Lan Security.
No hay comentarios:
Publicar un comentario