Modernizing Authentication — What It Takes to Transform Secure Access
As if battling worms, managing servers and keeping everyone's desktop from bursting into flames weren't enough, now IT staffers are being asked to add Wi-Fi access to their networks. An admin's work is never done.
Sadly, the very radio frequencies that allow you to surf the Web and trade IMs can deal a serious blow to your once-impenetrable systems if the access points set to receive them aren't properly configured. It turns out that 802.11x, while popular, can't name security as its strongest suit.
Besides plowing through manuals and whitepapers, what is an administrator to do? Ask the pros, of course.
Luckily, last month AO quietly debuted a new Wireless Security forum where IT veterans and networking newbies alike can discuss how to add wireless access without compromising your defenses.
So drop by our newest forum, click around, register if you're not already a member (it's free) and contribute to this growing AO forum.
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
From Wi-Fi MAC Address-based Authentication:
cold_connection wants to know if there's anything beyond MAC address-based authentication that can help harden a network. bballad tells us...
WEP or WPA are your best bets combined with MAC address-based connections. Beyond that, use sound local and network security on your systems, no anonymous access, strong file level permissions, etc. On your gateway/firewall box, set user limits on Internet access. When going wireless understand that your footprint onto the world is *very* big.Click here for the rest.
From Choosing a Wireless Router:
tarpi is charged with providing Wi-Fi access to students at an institute...
I was recently asked to pick a wireless router to set up Internet access for a classroom/lab in the small institute where I teach. There are 30 attendees taking 3 hours of lecture and 3 hours of class every day for 9 months. They need access to the Web, and ability to share files, perhaps a printer, etc.How would you go about setting this up?
Does anyone have any experience in any particular wireless routers that can handle the load well? Ballpark figures for the cost would also be appreciated. I want to set up a separate DMZ behind that router to keep the [stuff] that they bring away from our main router (CISCO1700).
From Determining Security of a Wireless LAN:
reak attack simply asks...
How can I check the security of my LAN?A plethora of Web resources follows, including this from security guru tonybradley:
Well, to "toot my own horn" as they say- you can read Wireless Network Security For The Home. You can also find a lot of useful information on JiWire.com (I wrote a feature article for them which should post in the next week or two).Placate your wireless worries at AO's new Wireless Security forum.
Aside from that, I would also recommend simply testing security the "old-fashioned way" by using something like Shields Up or Anonymizer to perform free penetration tests and give you some basic info on what the outside world can see.
It won't help you identify what someone using Kismet or NetStumbler can discover sniffing wireless packets from your driveway, but it will help you learn how secure your network is to the outside world as a whole.