Page 251 - StudyBook.pdf
P. 251

Communication Security: Wireless • Chapter 4  235

                 Implementing Wireless

                 Security: Common Best Practices


                 As seen from the above, wireless security is a large, complex topic.Administrators
                 wishing to implement wireless networks should exercise due care and due diligence
                 by becoming as familiar as possible with the operation and vulnerabilities of wire-
                 less networks and the available countermeasures for defending them. Installing a
                 wireless network opens up the current wired network to new threats.The security
                 risks created by wireless networks can be mitigated, however, to provide an accept-
                 ably safe level of security in most situations. In some cases, the security require-
                 ments are high enough that the wireless devices will require proprietary security
                 features.This might include, for example, the ability to use TKIP and MIC, which
                 is currently only available on some Cisco wireless products, but may be available on
                 other products in the near future. In many cases, however, standards-based security
                 mechanisms that are available on wireless products from a wide range of vendors
                 will be sufficient.
                    Even though many currently implemented wireless networks support a wide
                 range of features that can be potentially enabled, the sad fact is that most adminis-
                 trators do not use them.The media is full of reports of the informal results of site
                 surveys conducted by wardrivers.These reports provide worrisome information, for
                 example, that most wireless networks are not using WEP and that many wireless
                 networks are using default SSIDs.There is no excuse for not minimizing the secu-
                 rity threats created by wireless networks through the implementation of security
                 features that are available on most wireless networks.The following is a summary of
                 common best practices that can be employed on many current and future wireless
                 networks.

                      ■  Carefully review the available security features of wireless devices to see if
                         they fulfill your security requirements.The 802.11 and WiFi standards
                         specify only a subset of features that are available on a wide range of
                         devices. Over and above these standards, there is a great deal of divergence
                         of supported features.

                      ■  At a minimum, wireless APs and adapters should support firmware
                         updates, 128-bit WEP, MAC filtering, and the disabling of SSID broad-
                         casts.

                      ■  Wireless vendors are continually addressing the security weaknesses of
                         wireless networks. Check the wireless vendors’Web sites frequently for




                                                                              www.syngress.com
   246   247   248   249   250   251   252   253   254   255   256