As evidenced by the troubling number of security flaw headlines that 802.11b-based wireless LANs have garnered in recent months, developing a well-hardened WLAN infrastructure can be a complex and uncertain task. However, here are some steps that IT managers can take to lessen the vulnerability of wireless networks:
- SSIDs (Service set identifiers) and WEP (wired equivalent privacy) encryption, the security measures explicitly defined in the 802.11b standard, have been shown to be insufficient for protecting WLANs—dont rely on these measures alone for security.
- Opt for a security scheme that mitigates packet spoofing with dynamic, per-session WEP keys.
- Incorporate device-independent authentication, such as user names and passwords checked against a network directory, to prevent lost or stolen devices from gaining access to the WLAN.
- Audit your WLAN with wireless sniffer products to locate “rogue” access points that may not comply with your security policies.
- Adopt centralized wireless network management practices to keep all of your access points in line and secure.
- Consider a VPN-based access strategy, which, although imposing an added share of overhead, can boost the security of WLAN links.
- Vendor and standards community efforts to harden WLANs remain works in progress. At least for now, keep your ultra-confidential data off the airwaves.
Also in this Special Report
- Ignorance: The Hackers Best Friend
- Security Roundtable
- Here Be Dragons: Web Services Risks
- Threats to Come
- Trail of Destruction: The History of the Virus
- Community Builds Security: Labs Answers Your Security Questions
- Application Hardening Checklist
- Operating System Hardening Tips