Bill Detwiler: Whether you’re installing a wireless accesspoint in a home, small office, or large building, following a few bestpractices can make the difference between a reasonably secure network and onethat screams “hack me now!”
I'm Bill Detwiler, and during this episode of TR Dojo, I'lldiscuss five blatant security mistakes to avoid when deploying a new wirelessaccess point.
Wireless hardware manufacturers have made installing andconfiguring new access points pretty simple, for both consumer and enterprisedevices.
But this ease of installation can lull the inexperiencedtech into a false sense of security and lead them to make mistakes duringconfiguration.
TechRepublic blogger Brien Posey has seen these mistakes alltoo often and has put together a list of 10 tips for deploying new wirelessAPs.
From this list and the attached discussion thread, I’vepulled out the advice that deals specifically with security -- as this should beat the top of every tech’s to-do list when setting up a wireless network.
And, the first mistake, made way too often, is using oldequipment that doesn’t support the WPA or WPA2 security protocols. If you’repurchasing new equipment, this shouldn’t be a problem. But too often,individuals and organizations try to reuse outdated equipment to save money.This can be a serious security mistake.
The second mistake on our list is not resetting the accesspoint’s internal administration logon name and password.
After powering on the AP and accessing its admin tool forthe first time, you should immediately change the admin tool’s password and, ifapplicable, the admin tool’s logon name.
Why? Because, access point manufacturers use standard loginnames and passwords for all their devices. And, a quick Internet search is allit takes to uncover this default information.
The third mistake goes hand-in-hand with the second one, andthat’s not choosing a strong enough AP admin or network password.
Weak passwords are vulnerable to brute force, socialengineering, and dictionary attacks. It’s bad enough when end users do it. ITshouldn’t make the same mistake.
I’ll link to several resources for creating strong passwordsin the TR Dojo blog.
The forth mistake is relying on a hidden SSID or MAC addressfiltering for security.
Years ago, both techniques were widely recommended as waysto improve wireless security. But that time has passed.
Using wireless sniffers like NetStumbler and Kismet, anattacker can easily uncover hidden SSIDs. And as I described in one of my veryfirst TR Dojo episodes, it’s also relatively easy to spoof another machine’sMAC address.
Do yourself a favor, use meaningful SSID names so users willknow they’re connecting to the right network and rely on true security measuresfor protection.
The fifth and last mistake on our list is abandoning anaccess point once it’s setup.
Too many IT pros, install APs, configure them to operate,and then forget about them until there’s a problem. And, this can be a verylong time -- years even.
As I mentioned earlier, if your organization still has oldequipment out there running WEP, you should replace it. If you’ve been relyingon WPA with TKIP encryption, you should switch to WPA2 with an AES-basedencryption mechanism.
Also, if practical, you should periodically check the logson your access points for repeated access attempts with the incorrectpassphrase. Some devices can even be configured to send you a message when suchand attempt is made.
Well, I hope you’re not making any of the mistakes on thislist. And if you are, take the necessary steps to address them and avoid themin the future.
Thanks to TechRepublic blogger Brien Posey for proving thefoundation for this list and to TechRepublic members like Neon Samurai forproviding additional information in the attached discussion thread. I’ll linkto both in the TR Dojo blog.
And as always, for more teachings on YOUR path to becomingan IT Ninja, visit trdojo.techrepublic.com, sign-up for our newsletter, orfollow me on Twitter.
Thanks for visiting the TR Dojo.