- Posts: 4
- Thank you received: 0
How to secure wireless lan
20 years 6 months ago #4282
by ezbuddie
How to secure wireless lan was created by ezbuddie
My boss asks me to setup a wireless lan inside a shop in a shopping mall. It is around 1000 sq meter which I plan to setup 8-10 access points (802.11g). Since it is a public area which is very easy to be hacked. Therefore, I'll improve the security by rename default SSID and disable broadcast SSID, enable WEP, build Access Control List. (details at bottom).
According to some books, high securiy can implement firewall or even VPN tunnel between the wired and wireless network (devices). For me, it is still a concept. Can anyone share to me how to equip the WLAN in high security mode ???
SSID (Service Set ID)
SSID is a unique network identifier with a
maximum of 32 characters. Each wireless
access point has to be assigned with an SSID.
The WLAN clients need to know the SSID of the
access point to be connected with. The SSID can
also be used to differentiate one WLAN from
another. The access points and clients
connected to a specific WLAN must use the
same SSID.
WEP (Wired Equivalent Privacy)
As its name say, WEP is designed to provide an
equivalent level of privacy in the wireless
environment as it is in the wired environment.
WEP uses a shared and static key, known to
both access points and clients, to encrypt data
packets before transmission. Up to 4 sets of
static keys can be defined in access
points/clients. WEP uses either a 40-bit or a
128-bit encryption mechanism for encryption.
For most WLAN access points, WEP is disabled
by default.
ACL (Access Control List)
ACL (Access Control List) is used in some WLAN
access points to control client access. The ACL is
usually based on the client’s wireless Ethernet
MAC address which is unique in each client. The
ACL is a database to store the MAC address that
can access the WLAN. If the client’s MAC
address is not listed in the ACL, his/her access
will be denied.
According to some books, high securiy can implement firewall or even VPN tunnel between the wired and wireless network (devices). For me, it is still a concept. Can anyone share to me how to equip the WLAN in high security mode ???
SSID (Service Set ID)
SSID is a unique network identifier with a
maximum of 32 characters. Each wireless
access point has to be assigned with an SSID.
The WLAN clients need to know the SSID of the
access point to be connected with. The SSID can
also be used to differentiate one WLAN from
another. The access points and clients
connected to a specific WLAN must use the
same SSID.
WEP (Wired Equivalent Privacy)
As its name say, WEP is designed to provide an
equivalent level of privacy in the wireless
environment as it is in the wired environment.
WEP uses a shared and static key, known to
both access points and clients, to encrypt data
packets before transmission. Up to 4 sets of
static keys can be defined in access
points/clients. WEP uses either a 40-bit or a
128-bit encryption mechanism for encryption.
For most WLAN access points, WEP is disabled
by default.
ACL (Access Control List)
ACL (Access Control List) is used in some WLAN
access points to control client access. The ACL is
usually based on the client’s wireless Ethernet
MAC address which is unique in each client. The
ACL is a database to store the MAC address that
can access the WLAN. If the client’s MAC
address is not listed in the ACL, his/her access
will be denied.
20 years 5 months ago #4294
by dreamer
Replied by dreamer on topic Re: How to secure wireless lan
Hi,
don't know much about wireless networking but you can always try to check your security using some tools that hackers also use for instance:
NetStumbler (Windowsbased): the disadvantage of this application is that it relies on one form of wireless network detection. So when you disable broadcast probe request no networks will be detected.
Kismet (Linuxbased) I believe this is one of the best applications there is (also for wardriving). Cause it has different methods for detecting wireless networks. When it can Kismet will also gather additional information when possible.
Some other (usefull) tools are: Wellenreiter (discovery tool), THC-RUT (discovery tool), WEPcrack (an encryption breaker to crack 802.11 Wep encryption keys) and AirSnort (captures packets and when enough packets are gathered then it try's to crack the encryption key).
You also might want to check out www.airdefense.net/whitepapers/
Greets
don't know much about wireless networking but you can always try to check your security using some tools that hackers also use for instance:
NetStumbler (Windowsbased): the disadvantage of this application is that it relies on one form of wireless network detection. So when you disable broadcast probe request no networks will be detected.
Kismet (Linuxbased) I believe this is one of the best applications there is (also for wardriving). Cause it has different methods for detecting wireless networks. When it can Kismet will also gather additional information when possible.
Some other (usefull) tools are: Wellenreiter (discovery tool), THC-RUT (discovery tool), WEPcrack (an encryption breaker to crack 802.11 Wep encryption keys) and AirSnort (captures packets and when enough packets are gathered then it try's to crack the encryption key).
You also might want to check out www.airdefense.net/whitepapers/
Greets
20 years 5 months ago #4344
by ZiPPy
ZiPPy
wow! thats gonna be a fun task. I setup a small wireless setup in my apartment using the Netgear Wireless 108G router. I posted a post regarding a bottleneck problem. (not wireless but using cat5) I have that router also as my firewall. So I am still looking into that bottleneck problem. But as far as wireless setup I myself am still working and looking more into it. So let me know how that setup goes, would love to hear how it went.
ZiPPy
ZiPPy
ZiPPy
20 years 5 months ago #4346
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: How to secure wireless lan
I'll be attending a seminar on wi-fi setup and security issues sometime next week (i hope).. will let you guys know what interesting stuff i pick up.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.128 seconds