Appendix B: Wireless Security
What Are the Risks?
Wireless-B Ethernet Bridge
5) SSID
There are a few things you can do to make your SSID more secure:
a. Disable broadcast
b. Make it unique
c. Change it often
Most wireless networking devices will give you the option of broadcasting the SSID. This is an option for
convenience, allowing anyone to log into your wireless network. In this case, however, anyone includes hackers.
So don't broadcast the SSID.
A default SSID is set on your wireless devices by the factory. (The Linksys default SSID is “linksys”.) Hackers
know these defaults and can check these against your network. Change your SSID to something unique and not
something related to your company or the networking products you use.
Changing your SSID regularly will force any hacker attempting to gain access to your wireless network to start
looking for that new SSID.
With these three steps in mind, please remember that while SSIDs are good for segmenting networks, they fall
short with regard to security. Hackers can usually find them quite easily.
6) MAC Addresses
Enable MAC address filtering if your wireless products allow it. MAC address filtering will allow you to provide
access to only those wireless nodes with certain MAC addresses. This makes access harder for a hacker using a
random MAC address or spoofing (faking) a MAC address.
7) Firewalls
Once a hacker has broken into your wireless network, if it is connected to your wired network, they’ll have
access to that, too. This means that the hacker has effectively used your wireless network as a backdoor through
your firewall, which you've put in place to protect your network from just this kind of attack via the Internet.
You can use the same firewall technology to protect your wired network from hackers coming in through your
wireless network as you did for the Internet. Rather than connecting your access point to an unprotected switch,
swap those out for a router with a built-in firewall. The router will show the access point coming in through its
Internet port and its firewall will protect your network from any transmissions entering via your wireless network.
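
The MAC address filtering described in item 6 can also be checked after the fact. The following is an added example, not part of the original guide or Linksys software: it compares stations in an association log against the allow-list and separates random (locally administered) addresses from other unlisted ones. The log format, the addresses and all function names are constructed for illustration.

```python
import re

# Constructed allow-list, entered in the mixed notations administrators use.
ALLOWED = ["00:0C:41:12:34:56", "00-0c-41-ab-cd-ef", "000c.4100.0001"]

# Constructed association log (hypothetical format, not device output).
SAMPLE_LOG = """\
2004-03-01 09:12:01 assoc station=00:0c:41:12:34:56
2004-03-01 09:13:44 assoc station=00-0C-41-AB-CD-EF
2004-03-01 09:15:10 assoc station=3a:5f:10:9b:22:c4
2004-03-01 09:17:32 assoc station=00:0c:41:99:88:77
2004-03-01 09:18:05 assoc station=not-a-mac
"""

def normalize(mac):
    """Return 12 lowercase hex digits, or None if the value is not a MAC."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac12):
    """True when bit 0x02 of the first octet is set. That bit is set on
    randomized or manually assigned addresses, clear on factory-assigned ones."""
    return bool(int(mac12[:2], 16) & 0x02)

def audit(log_text, allowed):
    """Classify each association as allowed, random, unlisted or malformed."""
    allow = {normalize(m) for m in allowed} - {None}
    findings = []
    for line in log_text.splitlines():
        match = re.search(r"station=(\S+)", line)
        if not match:
            continue
        mac = normalize(match.group(1))
        if mac is None:
            verdict = "malformed"
        elif mac in allow:
            verdict = "allowed"  # the address is listed; the sender is not verified
        elif is_locally_administered(mac):
            verdict = "random"
        else:
            verdict = "unlisted"
        findings.append((match.group(1), verdict))
    return findings

if __name__ == "__main__":
    for station, verdict in audit(SAMPLE_LOG, ALLOWED):
        print(f"{verdict:9} {station}")
```

Normalizing before comparison matters because the same address written with colons, hyphens or dots would otherwise miss the allow-list.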