Here are examples of wireless network security best practices:
Wireless Network Security Best Practices
1. Disable SSID Broadcasting
Each wireless access point has a service set identifier (SSID), which is a name that identifies the wireless LAN. By default, most wireless access points broadcast their SSIDs, which means that anyone in range of the wireless network can easily see which network they are trying to connect to.
This is a security risk because it allows intruders to easily find your network. Disable broadcasting of your SSID by changing the configuration of your wireless access point to match the following settings:
SSID Broadcast: Off
Media Access Control (MAC) Address Filtering: On
2. Enable Encryption for Data and Management Traffic
Wireless encryption involves using a pre-shared key to encrypt data before sending it across the wireless network. This key should be at least 64 bits long and should be changed every month or so.
Configure into the Same Encryption Settings with the Wireless Access Points. Ensure that any wireless devices you use in your facility are configured to use the same encryption settings as your wireless access points.
Wireless encryption should be used for both data and management traffic because clear-text management traffic can be captured and analyzed to determine the management operating system being used and which services are available.
3. Configure MAC Filtering
MAC filtering involves configuring a wireless access point to allow only specific devices to connect to it. The MAC address of each device must be added to a list of allowed devices on the wireless access point so that only those devices can connect.
The MAC addresses of wireless clients can be found in two ways: through the client configuration interface provided by the operating system being used by that device, or through a packet capture utility such as Wireshark.
If an intruder can connect to your wireless network simply by typing in your SSID, then they can simply go through the process of finding their MAC address and adding it to their device list on your wireless access point. You should therefore choose a strong password that is at least 15 characters long and use a MAC filter that restricts access only to specific MAC addresses.
4. Understand Who Has Access To What Through Your Wireless Network
Wireshark allows you to see which computers have connections to your network; and what they have been doing while they were connected (e.g., file shares, FTP servers, etc.). It also allows you to see when they originally connected as well as when they disconnected from the network.
By knowing who has been connected to your network, you can better understand how your security has been breached if an attack does occur and how it might have occurred (e.g., how many people know about your poor password?).
5. Use Strong Passwords for Your Wireless Access Points
All of your wireless access points must use strong passwords because weak passwords make it possible for attackers to easily decrypt all of the encrypted traffic on the network. Strong passwords are generally in consideration to be at least 15 characters long. That is, including numbers and symbols, and not basing on dictionary words or names.
