InfoSec
[General Users] [Youngsters & Students] [Parents and Teachers] [IT Professionals] [SME]
In general, a wireless network can be operated using three different topologies; infrastructure mode, ad-hoc mode and bridging mode. When a wireless network operates in ad-hoc mode, client stations are connected directly and no access point is required. Using this mode, a potential attacker can gain access to a client station easily if the client station is improperly configured. Unless there is a specific business need, the ad-hoc mode should be disabled on wireless devices.
Avoid placing the router against an outside wall or window, or against a common wall with an adjacent home to ensure that the signal does not extend beyond the required area.
To ensure that unauthorised people cannot tamper with your router, try to place it in a physically secure location.
Some routers allow you to reduce the output power of the device. To minimise leakage outside the coverage area the wireless network is meant to service, turn down the broadcast power, if possible. This is one way to prevent too strong a signal from extending beyond the desired wireless broadcast area and being accessible to the "outside" world.
User name and Password
Change the default user name and password
because they are often easily cracked by attackers.
Some manufacturers might not allow you to
change the username, but at least the password
should be changed.
Broadcast Network Name (SSID)
Disable SSID broadcasting or increase the
"Beacon Interval" to the maximum.
Wireless Network Name or SSID
Change the default SSID. The new SSID should
not be named to reflect your name or other
personal information, otherwise the information
could aid an attacker in collecting reconnaissance
data about you.
Encryption (WEP/WPA/WPA2)
Whenever possible, WEP should be avoided.
Instead, use WPA2/AES or WPA/AES if it is supported
on the device.
Authentication Type (Open Authentication
or Shared Key Authentication)
The shared key mechanism should never be used.
Instead, a stronger mutual authentication
as defined in the 802.11i standard should
be considered.
MAC Address Filtering
Enabling MAC address filtering is recommended
as another layer of protection.
Dynamic Host Configuration Protocol (DHCP)
Disabling the DHCP feature, if possible, is
recommended, as DHCP makes it easier for malicious
attackers to access a wireless network.
| Back | Top |
Sitemap | Contact Us | Privacy Policy | Important Notices
Copyright 2002. The Government of the Hong Kong Special Administrative Region.