Guidelines for securing Wireless Communications

Guidelines for securing Wireless Communications

• Always use strong password for encryption
• A strong password should have atleast 15 characters, uppercase letters, lowercase letters, numbers and symbol. Also it is recommended to change the encryption key frequently so that it makes difficult for the cracker to break the encryption key. Do not use WEP for encryption, rather use WPA/WPA2.
• Always use the maximum key size supported by accesspoint for encryption
• If the keysize is large enough, then it takes more time to crack the key by the hacker. Also it is recommneded to change the encryption key frequently so that it makes difficult for the cracker to break the encryption key.
• Isolate the wireless network from wired network with a firewall and a antivirus gateway.
• Do not connect the accesspoint directly to the wired network. As there is a chance of comprimised wireless client inturn effecting the systems in the wired network, a firewall  and an antivirus gateway should be placed between the accespoint and the wired network.
• Restrict access to the Access Point based on MAC address
• In order to allow authorized users to connect to the Access Point, wireless clients should be provided access based on MAC address.
• Change the default username and Password of the Access Point
• Most of the users do not change the default passwords while configuring the Access Point.But it is recommended to keep a strong password, as this default password information can be known from product manufacturers.  
• Shutdown the Access Point when not in use
• Hackers try to brute force the password to break the keys, so it is good practice to turn off  the Access points during extended periods of Non-use
• Do not broadcast your network name
• SSID information is used to identify a Access Point in the network and also the wireless clients connect to the network using this information. Hence, in order to allow authorized users to connect to the network, the information should not be provided in public.
• Always maintain a updated firmware
• Updating the firmware of  accesspoint is recommended, as it will reduce the number of security loop holes in the accesspoint.
• Use VPN or IPSEC for protecting communication
• When the information flowing from wireless client to the wired network receiver is critical, then it is recommended to use VPN or IPSEC based communication so that the information is protected from sniffers in the network.
• Do not make the SSID information public    
• SSID information is used to identify a accesspoint in the network and also the wireless clients connect to the network using this information. Hence, in order to allow authorised users to connect to the network, the information should not be provided in public.
• Disable DHCP service                   
• When the number of users accessing the Access Point is less, it is recommended to disable the DHCP service. As this may make the attackers easy to connect to the network once they get associated with the Access Point