On Friday 11 July 2003 19:21, James Green wrote:
The guy who set it up was going to do it with IPSec running between client and a LAN firewall, however with us having WinXP, Linux, FreeBSD and Mac, and with very little documentation, that proved impractical.
Now running with hidden access points and a nice long password over 128-bit encryption. About as strong as we can make it. Anyone else had ideas / success in this area of security by any chance?
Well, the other thing you could do is a MAC address lockdown. I assume by hidden access points you mean ones that don't broadcast their ID.
Of course the MAC lockdown means that you have to bless each machine connecting on the Access Points by adding its address to the MAC list, so from an Administration point of view it's a bit of a pain.
Depending on what you use the Wireless network for, you could firewall out stuff you don't need. i.e. If it's used to allow laptops to collect mail and get on the Internet, you could restrict the Wireless network to just that. Chances are though that you would just generate complaints from users who wanted to use it for file transfer or something else.
Survey the footprint of your Wireless Coverage. Is your business surrounded by a secure compound? If so, can you move access points so that there is minimal network availability beyond the perimeter of your Business? You're not going to stop somebody with High Gain antennas or High Sensitivity wireless gear, but you will reduce the chances of discovery. Most wardrivers do just that: drive past and wait for their laptop or PDA to go bling. If the network is not available by the time you get to the nearest public road then the chances of discovery are much lower.
Over and above all of this I think the best thing is to pretend to forget the keys and passwords you know, install Airsnort (or your tool of choice) on a Laptop and actually attempt to break in yourself.