Solved

Wireless Networks

Posted on 2006-11-01
5
180 Views
Last Modified: 2010-04-11
Analyzing some potential weaknesses that I've identified with our wireless networks, I need some advice to see if were covered or possibly additional security procedures I could put in place....

A particular access point is providing connectivity that covers the desired range but also a weak signal outside. Is the only someone could gain access would be if they knew the SSID (which isnt broadcast) ??

I reccomended the SSID doesnt reflect the organisation in anyway, if this was deduced would they still need the WPA2 key?

And also how often would you reccomend going through the premesis to check for unauthorised access points, given that there is a mass of visitors daily?

0
Comment
Question by:pma111
5 Comments
 
LVL 30

Accepted Solution

by:
pgm554 earned 50 total points
ID: 17850710
Don't broadcast the SSID.

If someone needs access,then you tell them the SSID.
And .yes,they do need a key.

Any wireless device can be set up as an access point,so that is pretty hard to keep track of.

Netstumbler maybe once or twice a month ,if your paranoid.

0
 
LVL 10

Assisted Solution

by:0xSaPx0
0xSaPx0 earned 100 total points
ID: 17851369
Finding the SSID is usually not a difficult task, even if its not openly broadcast. Follow the standard Wifi security checklist

1). Don't Broadcast SSID
2). Use Strongest Encryption available to you (WPA based)
3). Use MAC Address Filtering
4). If possible use two factor authentication... Wep Key and Certificate for example.

0xSaPx0
0
 
LVL 8

Assisted Solution

by:jako
jako earned 100 total points
ID: 17854077
one really important risk is often overlooked. it is insufficient service availability and the related DoS attack to expose this risk.
think about the processes that are hindered when there is RF noise being broadcast close to your location.

stay secure
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
ID: 17858245
if you wanna increase security you can use a vpn through your wifi network and don't let anybody outside the vpn access your network.
0
 
LVL 8

Expert Comment

by:jako
ID: 17865641
see if you can implement 802.1x http://en.wikipedia.org/wiki/802.1x
that ought to keep the authorized users able to access your resources and at the same time you can give the unauthorized users (like business guests) their network access but unable to access your LAN resources.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now