Here are a few simple steps you can take to maximize the security of your wireless network and to protect your data from prying eyes and ears. This section is intended for the home, home office and small office user.
· Turn on WEP ( Wired Equivalent Privacy)
· Change your default password
· If possible than close your network
· Change your network name
· Move your access point
· Use MAC control tables
· Other simple solutions
· Use VPN (Virtual Private Network)
· Enterprise level User Authentication via 802.1x and EAP
1> Turn on WEP
Most important: Turn on WEP(Wired Equivalent Privacy). WEP is the underlying security technology provided by the Wi-Fi (802.11b) standard. Even though WEP is not perfect, it does provide basic security. Some experts say that from 60 to 80 percent of all wireless LAN networks operate with WEP not turned on.
Most home and small office Wi-Fi systems provide 40-bit (also called 64-bit) WEP encryption. To make initial installation simple, most Wi-Fi access points ship with WEP turned off. So once you have your network turned on and working, make sure you activate WEP by following the instructions in your manufacturer's instructions.
You can also increase your security by periodically changing the encryption key.If you're concerned about privacy, change your code every week or two. If you're very concerned, change it more often or use an advanced security technology such as 802.1x, which can change your WEP code automatically every 5 minutes or so.
2> Change your default pass word
Most wireless networks ship with a default password provided by the manufacturer. Change it as soon as possible. Most hackers can easily figure out the default password once they identify the make of your network access point.
3> Close your Network
If possible, block the SSID (Service Set Identifier) from being broadcast. This has the effect of "closing" your network. Many Wi-Fi systems enable you to close the network.
All access points ship with a wireless beacon signal so that wireless PCs can more easily find them. In effect, the signal is shouting, "I'm here! Log on!" By turning the SSID off or by "closing" your network, you make it much harder for hackers to find you: If they don't know your network exists, there's less chance they will spend the time to crack your communications. So, If your equipment permits you to close the network, make sure you do so.
4> Change your Network name
Most access points ship with a default Network name. When your network is up and running you should change the name to something personal, yet hard to guess.
5> Move your access point
To increase privacy, place your access point in the middle of the room, away from open windows and doors. The more metal and wood you put in the way, the less distance your wireless messages can travel. You can test how much of your signal is escaping from your business or home by taking your Wi-Fi equipped laptop outside and checking to see how far you can go and still make a connection. You might be surprised.
6> Use MAC control tables
Use MAC (Medium Access Control) tables if your access point supports them. Like all networking devices, a Wi-Fi radio, has a unique MAC address coded into its memory. By using the MAC Access Control List (ACL), you can limit the wireless connection to only those Wi-Fi radios whose MAC addresses are directly enabled in your access point. It's like call blocking on a telephone, but for a wireless LAN. If a rogue wireless radio with a MAC address that is not in this table tries to connect to your network, your access point will not let it.
7> Other simple solutions
There are various ways to set up your computer's directories and network to protect your stored files and data. One way is to turn off "Sharing" and use "Passwords" to access directories holding confidential files. Sharing and Passwords are accessed in Windows by right clicking on the directory and going to the "Properties" command. Also see Windows networking tips and secrets.
Remember that most web sites that handle purchases, credit cards and other financial information usually use encryption methods such as SSL(secure socket layer) to protect sensitive data. So most financial data transmitted over the Internet is already encoded from the time it leaves your computer until it reaches the web site.
8> Use Virtual Private Network
Many large companies use VPN (Virtual Private Network) technologies for staff that need to remotely access the company's corporate database. VPN systems also work for Wi-Fi wireless networks.
A VPN creates a virtual tunnel from your computer through the local wireless access point, through the Internet, and then to your corporate headquarters. Even though it can be complicated and expensive, using VPN creates an almost impenetrable wall of security for your wireless communications whether you're working from home, an airport lounge or your company's meeting rooms.
9> Enterprise level User Authentication via 802.1x and EAP
WEP has almost no user authentication mechanism. To strengthen user authentication, Wi-Fi protected Access implements 802.1x and the Extensible Authentication Protocol (EAP). To gather, these implementations provide a framework for strong user authentication. This framework utilizes a central authentication server, such as RADIUS, to authenticate each user on the network before they join it, and also employs “mutual authentication” so that the wireless user does not accidentally join a rogue network that might steal its network credentials.
0 comments:
Post a Comment