Wireless Security Primer (Part II)
By Robert J. Shimonski
In this article, we will discuss what every wireless administrator should do (or think about) to keep their wireless LANs (WLANs) safe and secure. Every time you deploy a wireless network, you should ask yourself the questions outlined in this article. Much has been done to secure wireless transmissions, but there are still important items that would help your security posture and that many administrators are still not doing. Before you read this article, you can read my other two wireless articles, which are primers and lead up to this one.
You can find them here: Wireless Attacks Primer and Wireless Security Primer 101 (Part I) of this article. Between all three articles, you should have a good understanding of wireless and the security fundamentals behind it.
Enable and configure WEP
From the IEEE, we have standards such as 802.11b. As part of those standards, there must be a way to secure wireless transmissions the same way that they are secured on a wired network, hence the name ‘Wired Equivalent Privacy’. Wired Equivalent Privacy (WEP) is a security protocol, specified in the IEEE Wireless Fidelity (Wi-Fi) standard, 802.11b, which is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN. Radio waves are not bound by walls or wires, so it’s hard to protect access to wireless with physical controls. If your wireless network is not secured properly, it will be very easy for an attacker to penetrate your network, especially if you assume it is as secure as a wired network that can be locked down. WEP seeks to establish similar protection to that offered by the wired network's physical security measures by encrypting data transmitted over the WLAN. WEP, with strengths of 40/64 bit and 128 bit, will allow you to achieve security over your wireless network. Encryption protects the highly vulnerable wireless system between devices. WEP is in fact crackable, especially in its weaker strengths. Tools exist that will allow you to capture traffic, analyze it, and run code against it to crack it. This doesn’t mean it’s useless; 128 is pretty tough to crack, so use it! Don’t leave it out. I’ll put it to you like this: if you leave your wireless system open and not ‘closed’ (where the SSID is broadcast), then WEP may be your only chance at stopping penetration, so make sure you use it.
Secure your SSID
The service set identifier (SSID for short) is used for identification purposes within a WLAN. Data that is transmitted needs to carry the proper SSID between the client and the access point so that both are identifiable on the network. You can think of the SSID as a sort of password used between the devices so that acknowledgment can happen and data can be transferred. In a sense, you can almost think of the SSID as the ‘Workgroup’ name used in Windows-based operating systems, if that is an easier way for you to think of it and remember it. What is nice about SSIDs is that you can divide your network up with them… and this is where the problems come in. Many administrators are not too well versed in wireless security (because the technology is sparsely used and fairly new on the market), so when you mention a tool like ‘Netstumbler’ to them, they may shrug their shoulders because they are not sure what that is. Netstumbler is the tool you can use to find open systems broadcasting their SSIDs, and with a little effort, your WLAN can be exploited. Your SSIDs are best served by the following three rules:
- Change the Default SSID!
- Change the SSID at frequent intervals
- Make sure you are not running an Open System
- Do not use very easy or identifiable SSIDs
Most default SSIDs are based on the vendor you purchase the equipment from. In other words, if you bought a Linksys AP, your SSID will be Linksys. This is just way too easy to find and use against you (with tools like Netstumbler), so make sure you change the default SSID.
You can also set up a schedule to change your SSIDs at frequent intervals as time progresses. This is another very common step in securing your WLAN that is missed, forgotten or not considered at all.
Make certain that you are not running an open system. In a nutshell, remember that it’s important not to have the SSID broadcasting, so that a hacker cannot pick it up with freeware tools readily available on the Internet. Failing to do this defeats your entire WLAN security infrastructure.
DO NOT under any circumstances use an easy to guess or exploit SSID scheme. Many administrators may be interested in the KISS theory (Keep it Super Simple), and you may find an SSID list like this:
- Finance Department: SSID = ‘Finance’
- MIS Department: SSID = ‘MIS’
- Marketing Department: SSID = ‘Marketing’
And so on… the point here is that this is unimaginably prone to guesstimation. You can do something like this instead:
- Finance Department: SSID = ‘Finfloor1’
- MIS Department: SSID = ‘MISfloor2’
- Marketing Department: SSID = ‘Mrktfloor3’
This is just a simple scheme to prove a point, but nonetheless, you need to understand that with a closed system, the SSID is not broadcast, so it can’t be picked up with tools, it’s not easily guessed and, best of all, it’s not a default SSID like ‘Linksys’, which is ridiculously easy to exploit because it’s the vendor name of the product being used as an SSID. Don’t think for one second that there isn’t a list out there with all the default SSIDs, or that it is not used when engaging in an active penetration attack on your WLAN; thinking this will get you in trouble… Secure the SSID!
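The WEP and SSID rules above, applied as a configuration audit over an access point inventory. This is an added example, not code from the original article; the `AccessPoint` record, the finding labels, the 90-day rotation threshold, the sample default-SSID list and the inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Sample vendor-default SSIDs (constructed list; 'linksys' is the article's example).
DEFAULT_SSIDS = {"linksys", "netgear", "default"}
# Bare department names, as in the article's 'Finance' / 'MIS' / 'Marketing' list.
OBVIOUS_NAMES = {"finance", "mis", "marketing"}
MAX_SSID_AGE_DAYS = 90  # assumed rotation interval; the article only says "frequent"

@dataclass
class AccessPoint:  # hypothetical inventory record
    name: str
    ssid: str
    broadcast_ssid: bool   # True = open system
    wep_bits: int          # 0 = WEP off, otherwise 40, 64 or 128
    ssid_age_days: int

def audit(ap: AccessPoint) -> list[str]:
    """Return the article's rules that this access point breaks."""
    findings = []
    ssid = ap.ssid.strip().lower()
    if ssid in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if ssid in OBVIOUS_NAMES:
        findings.append("guessable-ssid")
    if ap.ssid_age_days > MAX_SSID_AGE_DAYS:
        findings.append("stale-ssid")
    if ap.broadcast_ssid:
        findings.append("open-system")
    if ap.wep_bits == 0:
        findings.append("wep-disabled")
        if ap.broadcast_ssid:
            # Broadcasting with no encryption leaves nothing in an intruder's way.
            findings.append("no-barrier")
    elif ap.wep_bits < 128:
        findings.append("weak-wep-key")
    return findings

# Constructed sample inventory.
INVENTORY = [
    AccessPoint("ap-lobby", "linksys", True, 0, 400),
    AccessPoint("ap-fin", "Finance", False, 64, 30),
    AccessPoint("ap-mis", "MISfloor2", False, 128, 10),
]

def report(inventory):
    """Map AP name -> findings, worst offenders first."""
    rows = {ap.name: audit(ap) for ap in inventory}
    return dict(sorted(rows.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for name, findings in report(INVENTORY).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```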
Source and more: Windows Security
Posted on Thursday, 24 April 2003 @ 12:05:48 EDT by cj