1. Using encryption.
Encryption is the first security measure, but many wireless access points (WAPs) do not use encryption as a default. Although many WAP has Wired Equivalent Privacy (WEP) protocol, but not enabled by default. WEP does have some holes in securitynya, and an experienced hacker would be able to open it, but it's still better than no encryption at all. Be sure to set the WEP authentication method to "shared key" rather than "open system". To "open system", he did not encrypt data, but only authenticate the client. Change the WEP key as often as possible, and use 128-bit WEP compared with the 40-bit. 2. Use strong encryption.
Because of the weakness of the existing weaknesses in WEP, then it is advisable to use a Wi-Fi Protected Access (WPA) as well. To use WPA, WAP had to the support. The client side must also be able to support WPA TSB.
3. Change the default administrator password.
Most manufacturers use the same administrative password for all their products WAP. The default password is usually already known to the hackers, which can be used to change the settings on your WAP. The first thing that must be done in the WAP configuration is changing the default password TSB. Use at least eight characters, any combination of letters and numbers, and do not use the word of words in the dictionary.
4. Turn off SSID Broadcasting.
Service Set Identifier (SSID) is the name of our wireless network. By default, the SSID of the WAP will be in the broadcast. This would make it easier to locate network users TSB, because SSID will appear in the list of available wireless networks that exist on the client. If the SSID is turned off, users must first know its SSID can be connected to the network rather TSB.
5. Turn off when not in use WAP.
The way this one seems very simple, but few companies or individuals do it. If we have users who only connect at certain times only, there is no reason to run a wireless network at any time and provides an opportunity for intruders to carry out his evil intentions. We can turn off the access point when not in use.
6. Change the default SSID.
Factories provide a default SSID. Usefulness of the SSID broadcast is turned off to prevent anyone else know the name of our network, but if you still use the default SSID, will not be difficult for us to guess the SSID of the network.
7. Using MAC filtering.
Most WAP (not the cheap cheap of course) will allow us to use the filter media access control (MAC). This means we can create a "white list" of computers may access the computer that our wireless network, based on the MAC or physical address of the network card in each pc. Connections from the MAC is not in the list will be rejected.
This method is not always safe, because it is still possible for a hacker to do packet sniffing that we transmit via the wireless network and get a valid MAC address from one of the users, and then used it to make a spoof. But MAC filtering will make an intruder difficulties that are still very good candidate.
8. Isolate the wireless network from the LAN.
To protect the cable from the internal network threats coming from the wireless network, it is important to make a wireless DMZ or perimeter network is isolated from the LAN. This means installing a firewall between the wireless network and LAN.
And for wireless clients that require access to the internal network, he must first authenticate to the RAS server or use VPN. This provides an extra layer for protection.
9. Wireless signal to control
802.11b WAP transmits waves of up to approximately 300 feet. But this distance can be added by replacing with a better antenna. By using high-gain antenna, we can get more distance. Directional antenna will transmit signals in a particular direction, and pancarannya not circular as in omnidirectional antennas that are usually found on the package setandard WAP. In addition, by selecting the appropriate antenna, we can control distance and direction signals to protect themselves from intruders. In addition, there are several settings that can be WAP signal strength and direction through WAP config TSB.
10. Emit waves at different frequencies.
One way to hide from hackers who often use technologies 802.11b / g is more popular is to use 802.11a. Because 802.11a works on a different frequency (ie in the frequency of 5 GHz), the NIC is designed to work on technology that is popular not be able to catch the signal TSB.
selengkapnya
