Hardening Wireless LAN Connections Part 1 - Hardening Wireless Access Points
(Page 5 of 11 )
Although all wireless access points have unique interfaces, they share common functions and processes that can be hardened. This section focuses on what you can do to harden the WAP itself. We will look at the following hardening steps:
- Hardening remote administration
- Configuring the Service Set Identifier (SSID)
- Configuring logging
- Configuring services
- Configuring wireless mode
It would be impossible to detail the procedures for hardening every type of wireless access point manufactured; therefore, I will illustrate the specific hardening steps for the following WAPs:
- Cisco Aironet 1200 running IOS version 12.2(13)JA2
- Linksys WAP54G running firmware version 2.06
- Dell TrueMobile 2300 running firmware version 3.0.0.8 in access point mode
Heads Up!
Many of the configuration changes you make to the Dell TrueMobile 2300 require a restart before they take effect. This can make it difficult to make changes during production hours or while clients are connected to the WAP.
The instructions in this chapter assume that you have configured the device with an IP address that is relevant for your network and that you have already connected to the respective web-based management GUI and successfully logged on. In addition, the screen references refer to the menus you would need to click to access the given screen. For example, “go to the Security | Admin Access screen” means that you must click the Security menu and then the Admin Access menu to be presented with the screen in question. |
Hardening Remote Administration
Like all our network devices, we should secure our WAPs against unauthorized remote administration. Unfortunately, unlike many network devices, virtually all WAPs fail miserably at providing secure remote administration. This is due to most of them providing only an unencrypted management protocol such as Telnet or HTTP for connecting to the device. Even with that gross oversight in security, certain steps can be taken to harden remote administration. The most important task is to change the default administrative username and to implement passwords that conform to your password security policy.
 This is from Hardening Network Infrastructure, by Wesely Noonan (McGraw-Hill/Osborne, ISBN 0072255021). Check it out at your favorite bookstore today. Buy this book now. |
Next: Changing the Default Administrator Name and Password >>
More Windows Security Articles
More By McGraw-Hill/Osborne
/ 8 
