Information Technology News Who’s on first? Wireless network security with Linux | Who’s on first? Wireless network security with Linux |
|
| by David M Williams | |
| Tuesday, 06 November 2007 | |
|
Page 1 of 3       
As soon as a wireless access point is installed it begins emitting broadcasts, announcing its Service Set Identifier (SSID) to all and sundry. This is useful: it makes discovery and initial client configuration very swift and painless. Yet the downside is obvious; this doesn’t just help your users but any person who is armed with a wireless card – be it in their laptop, PDA or iPod Touch! This problem can be counteracted; most all access points (APs) will let you prohibit SSID broadcasts. In this case, the AP waits for a client to connect with the proper SSID and channel. The network is now harder to find – popular tools like NetStumbler won’t see it – and if it is harder to find, it is also more secure. General ease-of-use is hampered; your users must know the SSID and network settings in advance in order to connect but nevertheless, from a security viewpoint, a closed network is the ideal foundation to commence designing a secure wireless network. Even if a malicious person isn’t striving to penetrate your network but instead commit a denial of service (DoS) attack they will be held back by a closed network. Additionally, environmental concerns must be taken into account. Concrete buildings, steel frames, even translucent glass walls will all be obstacles to the strength of your wireless signal. You may require multiple access points to provide coverage throughout your entire building. Whether you go with one or more, try and begin locating them as close to the centre as possible. This serves two goals, both relating to the fact the signal radiates outwards. Firstly, you are giving more users an opportunity to have the best signal quality (whereas if you place the access point in a corner, you are wasting some of its best coverage), and secondly you are minimising the strength of your signal outside the building. The weaker the signal outside your physical perimeter, the less likely an attacker can exploit it.
Once you have placed access points, walk around and probe the network strength using tools like NetStumbler. This helps determine where the signal is optimal and whether it is accessible outside. Relocate the access points if desired using the information you gather. Be especially wary of coffee shops or parking lots or similar locations where potential attackers could work without visibly appearing to be up to anything. Another important factor in designing your wireless infrastructure is the quality of logging that an access point can provide. All good administrators review their system’s event logs, but not all admins think to check – at least, on a regular basis – the logs produced by the various hardware infrastructure items like routers, managed switches, firewalls and other devices. This includes wireless access points.
|
| < Next story in category | Previous story in the category > |
|---|
