This article is about different kind of Best Practices that should be followed when using Wireless LAN.
- No need to be connected physically with each other through any medium such as cables. You can roam around freely in office premises, home or around.
- WLANs are cost effective. Cabling all the way in the offices, hotels etc are not needed. So its cheap and provide same quality of service.
- Unreachable spots where a cable is hardly accessible, WLAN signals can reach out such as big installations like airports. Also surfing outdoors is also convenient. Just install the device called Access Points (AP) and you are done.
- Less interruption and easy trouble shooting in case of failures as compared to cabled networks.
- More secure as most of APs support best encryption methods which protect them from sniffing and other attacks.
- How much is your wireless network secured in terms of encryption being used.
- Monitoring for suspicious and unusual activities.
- User awareness and education.
Wi-Fi at home
Wi-Fi in a Corporate/Enterprise Network
- Defining an adequate organization wide Information Security policy & procedures for wireless network
- SSID’s should not be associated with the organization, AP vendor or any other related information which would be easy to guess or associate with the current organization
- Enable WPA2 Enterprise encryption with RADIUS authentication and use of EAP protocol like EAP-TTLS, TLS etc.
- Implementation of PKI infrastructure. CA signed certificates to authenticate the server to client and vice versa
- Filtering of clients based on unique identifier like MAC Address
- Isolated ‘Guest’ wireless network with no interface / connection to the corporate network
- Limiting the radius of Wi-Fi network by reducing the power output of the AP
- Allocating IP Address to the employee and guest machines only after successful authentication
- Periodically changing the keys & passwords
- Use of VPN while accessing corporate information from Public Wi-Fi network
- Client side utilities like DecaffeintIDcan help in detecting changes in ARP table and serve as common man’s IDS to protect against attacks like ‘hole196’ and DoS.
- Implementation of Wireless IDS. Wireless IDS is a new concept. The key features of Wireless IDS are:
- Prevention against Rogue AP’s
- Detection & prevention against DoS attacks
- Assistance in locating the approximate physical location of the attacker
- Assistance in enforcing the Organization’s Information Security policy on wireless networks
- Detection of use of scanning tools like Kismet &NetStumbler