Securing wireless access points: WLAN security countermeasures

This portion of the Vines penetration testing tip on securing wireless access points describes WLAN security countermeasures.

Wireless offers the possibility of always-on, instant mobile communications. However, the vulnerabilities inherent

to wireless computing present daunting hurdles. These vulnerabilities -- eavesdropping, session hijacking, data alteration and manipulation, in conjunction with an overall lack of privacy -- are major challenges posed by wireless technologies.

Fortunately steps can be taken to lessen the impact of these threats. Securing wireless networks includes adopting a suitable strategy as MAC address filtering, firewalling or a combination of protocol-based measures. A few specific steps are:

  • Change the AP's default admin password

  • Change the access point's default SSID

  • Disable the "Broadcast SSID" function on the AP

  • Enable WEP and the stronger 128-bit encryption, not the breakable 40-bit

  • Employ MAC address filtering

  • Implement an authentication server to provide strong authentication

  • Physically locate the AP in an area that limits its radio emanations

  • Logically put the AP in a DMZ with the firewall between the DMZ and the internal network

  • Implement VPN tunnels

  • Disable DHCP and assign static IP addresses

  • Penetration test regularly

  • Research migrating to 802.11i technologies and new WEP encryption workarounds

In our sixth and last installment, we'll look at social engineering, intrusion detection systems (IDS) and Honeypots. Stay tuned.


Penetration testing -- Securing wireless access points

  Introduction
  War walking and war driving
  WLAN vulnerabilities, SSID issues, WEP weakness
  WLAN DoS attacks, MAC address vulnerabilities
  Wireless testing tools
 WLAN security countermeasures

About the author
Russell Dean Vines is a bestselling author, Chief Security Advisor for Gotham Technology Group, LLC, and former President of the RDV Group. His most recent book is
The CISSP and CAP Prep Guide, published by John S. Wiley and Sons.

This was first published in February 2007

Dig deeper on Identity management and access controls

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close