General Wi-Fi Security Procedure

482
Chapter 11 
■
Secure Network Architecture and Securing Network Components
offers more security. For example, using WPA2 is a real security feature as opposed to SSID 
broadcast disabling. Here are the steps: 
1.
Change the default administrator password. 
2.
Decide whether to disable the SSID broadcast based on your deployment requirements. 
3.
Change the SSID to something unique. 
4.
Enable MAC filtering if the pool of wireless clients is relatively small (usually less than 
20) and static. 
5.
Consider using static IP addresses, or configure DHCP with reservations (applicable 
only for small deployments). 
6.
Turn on the highest form of authentication and encryption supported, which is cur-
rently WPA2 and may soon be WPA3 (a new security mode in development as of the 
start of 2018:
https://www.networkworld.com/article/3247658/wi-fi/wi-fi-
alliance-announces-wpa3-to-secure-modern-networks.html
 ). If WPA2 or a newer/
stronger solution is not available on your device, then you need to obtain new wireless 
equipment. 
7.
Treat wireless as remote access, and manage access using 802.1X. 
8.
Treat wireless as external access, and separate the WAP from the wired network using 
a firewall. 
9.
Treat wireless as an entry point for attackers, and monitor all WAP-to-wired-network 
communications with an intrusion detection system (IDS). 
10.
Require all transmissions between wireless clients and WAPs to be encrypted; in other 
words, require a VPN link.
Often, adding layers of data encryption (WPA2 and IPSec VPN) and other 
forms of filtering to a wireless link can reduce the effective throughput by 
as much as 80 percent. In addition, greater distances from the base station 
and the presence of interference will reduce the effective throughput even 
further.

Download 19,3 Mb.

Do'stlaringiz bilan baham: