On Friday 11 Jul 2003 11:42 pm, Wayne Stallwood wrote:
> Well the other thing you could do is a MAC address lockdown. I assume by hidden access points you mean ones that don't broadcast their ID.
MAC address lockdown was done prior to the wireless service going live. By hidden access point, I mean the wireless provider ID string is not broadcast.
[ ... ]
> Depending on what you use the Wireless network for, you could firewall out stuff you don't need.
The AP is connected to a NIC inside our gateway. The gateway is multi-homed, so unless our firewall rules let traffic go across, nothing gets through.
[ ... ]
> Survey the footprint of your Wireless Coverage. Is your business surrounded by a secure compound? If so, can you move access points so that there is minimal network availability beyond the perimeter of your Business? You're not going to stop somebody with High Gain antennas or High Sensitivity wireless gear, but you will reduce the chances of discovery. Most wardrivers do just that. Drive past and wait for their laptop or PDA to go bling. If the network is not available by the time you get to the nearest public road then the chances of discovery are much lower.
We are moving into larger offices later this month. The buildings we are moving out of and into are both regional development buildings so house multiple companies, hence we hide the AP, limit MACs, require a strong key which will change every month or so and have it on a NIC that's firewalled. Not much else we can think of on a practical level... Unless you guys can.
> Over and above all of this I think the best thing is to pretend to forget the keys and passwords you know, install Airsnort (or your tool of choice) on a Laptop and actually attempt to break in yourself.
The guy who set it up I believe has this on a Mac laptop, and monitors the traffic. We also have rrdtool monitoring traffic on all the NICs in the gateway machine. If someone connects and transfers traffic, we'll at least know about it.
James