Page 253 - StudyBook.pdf
P. 253
Communication Security: Wireless • Chapter 4 237
■ Enable MAC filtering. It is true that MAC addresses can be easily spoofed,
but your goal is to slow down potential attackers. If MAC filtering is too
much of an administrative burden, consider using port-based authentica-
tion available through 802.1X.
■ Consider placing your wireless network in a Wireless Demilitarized Zone
(WDMZ), separated from the corporate network by a router or a firewall.
■ In a WDMZ, restrict the number of hosts on the subnet through an
extended subnet mask, and do not use DHCP.
■ Learn how to use site survey tools such as NetStumbler, and conduct fre-
quent site surveys to detect the presence of rogue APs and vulnerabilities
in your own network.
■ Do not place the AP near windows.Try to place it in the center of the
building so that interference will hamper the efforts of wardrivers and
others trying to detect your traffic. Ideally, your wireless signal would
radiate only to the outside walls of the building and not beyond.Try to
come as close to that ideal as possible.
■ If possible, purchase an AP that allows you to reduce the size of the wire-
less zone (cell sizing) by changing the power output.
■ Educate yourself as to the operation and security of wireless networks.
■ Educate users about safe computing practices in the context of the use of
both wired and wireless networks.
■ Perform a risk analysis of your network.
■ Develop relevant and comprehensive security policies and implement
them throughout your network.
www.syngress.com
