CertiGuide to A+ (A+ 4 Real)  9  Chapter 15: Wireless LANs

Putting Your WLAN Together 1 Summing Up

It is important to remember that just because you have the AP, and your client device(s) up and running does not mean you are done. This is where security is a factor. Wireless LANs carry their own set of security issues. Unlike cabled networks, where to “hack in”, someone must dial in to a modem connected unit, hack through their net connection, or actually connect to a cable, with wireless networking, any would be hacker can walk within range with an iPaq, and view everything on your network. This is why, with WLANs, security is crucial.

The most basic form of WLAN security is to require username and password. This is just what you would expect on a wired network. However, there are additional measures you can take to ensure your WLAN is secure. The most common are requiring WEP (Wired Equivalent Privacy) or LEAP (Lightweight Extensible Authentication Protocol) encryption processes. These further ensure that casual wireless eavesdroppers cannot connect to your wireless network at all. You must keep these in mind when purchasing your wireless equipment, since not all devices are WEP or LEAP enabled.

There are also other methods of access control from your AP. Changing the Service Set Identifier (SSID) is especially important. While the SSID is not itself a security feature, it does help to control access. Think of the SSID like the “Workgroup” name used so often in a Windows environment. The SSID broadcasts from the AP, so while changing the name to something you create is helpful, it alone is not enough. Unfortunately, there are lists available of the factory set default SSIDs for almost all available APs. They include the following:

• “Default SSID”
  
  
• “tsunami” -(Cisco)
  
  
• “101” (3Com)
  
  
• “RoamAbout Default Network Name” (Lucent/Cabletron)
  
  
• “Compaq” (Compaq)
  
  
• “WLAN” (Addtron, a popular AP)
  
  
• “intel” (Intel)
  
  
• “linksys” (Linksys)

This means that anyone who sees a beacon calling itself one of the default SSIDs in the list above will know what AP you are using, and that you did not think to change the network identifier. You can “close” the network, or tell the AP not to broadcast the SSID. This means that clients will have to know the correct SSID before detect the presence of the AP and can connect.

It is also a good idea to use MAC filters. While using MAC filters can decrease your data transmit rates, it will only allow mobile units whose MAC addresses have been specified access to the network. The downside here is that MAC addresses are broadcasted as well, so anyone with the proper sniffing tools can view available MAC addresses and then disguise himself to access the network.

Putting Your WLAN Together 1 Summing Up