You should use a layered security approach to fortify your wireless network. AirDefense recommends that you follow these guidelines to secure a wireless network utilizing WEP wireless devices:

- Use WEP Cloaking to protect the wireless network using WEP Encryption.
- Enable policy-based termination on the Rogue Wireless Client and Replay Injection Attack alarms.
- If the devices support PSPF (Public Secure Packet Forwarding) mode, also referred to as AP isolation, you must enable it. PSPF mode prevents wireless-client-to-wireless-client communication and limits the effectiveness of a typical replay attack.
- When choosing your WEP key, it is best to use a randomly chosen hexadecimal key.
- Analyze the power output of APs to ensure that no AP is transmitting any farther than is necessary.
- Authorize only specific data rates:
  - Check the allowed data rates for each AP to ensure that unnecessary distant wireless associations do not provide wireless client access to the network through the AP. Such an association would result in a low negotiated data rate.
  - If the AP is 802.11b/g and the WEP wireless clients require only 802.11b and not 802.11g, disable the AP from supporting data rates higher than 11 Mbps.
- Use a combination of VLANs, ACLs, and firewall rules to restrict wireless client access to wireless LANs. This adds multiple layers of security to the wired network and reduces the damaging consequences of a successful wireless breach.
- Use statically assigned wireless client IP addresses.
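
An added example (not AirDefense code) that generates a randomly chosen hexadecimal WEP key and checks a constructed AP inventory against the key, PSPF, data-rate and static-addressing guidelines above. The dictionary field names are hypothetical, not a vendor format.

```python
import secrets
import string

# WEP key lengths in hex digits: 40-bit and 104-bit secret keys.
WEP_HEX_LENGTHS = (10, 26)

def new_wep_key(hex_digits=26):
    """Return a randomly chosen hexadecimal WEP key from the OS CSPRNG."""
    if hex_digits not in WEP_HEX_LENGTHS:
        raise ValueError("WEP keys are 10 or 26 hex digits")
    return secrets.token_hex(hex_digits // 2).upper()

def key_findings(key):
    """Heuristics for keys that were probably typed rather than generated."""
    if len(key) not in WEP_HEX_LENGTHS or any(c not in string.hexdigits for c in key):
        return ["key is not 10 or 26 hexadecimal digits"]
    raw = bytes.fromhex(key)
    findings = []
    if all(0x20 <= b < 0x7F for b in raw):
        # Heuristic only: a random 40-bit key can occasionally match too.
        findings.append("key bytes are all printable ASCII (looks like a word)")
    if len(set(raw)) <= 2:
        findings.append("key repeats one or two byte values")
    return findings

def audit_ap(ap):
    """Return the guideline violations found for one AP record."""
    findings = key_findings(ap["wep_key"])
    if not ap.get("pspf"):
        findings.append("PSPF / AP isolation is disabled")
    if ap.get("clients_11b_only") and max(ap["rates_mbps"]) > 11:
        findings.append("rates above 11 Mbps enabled for 802.11b-only clients")
    if ap.get("client_addressing") != "static":
        findings.append("client IP addresses are not statically assigned")
    return findings

# Constructed sample inventory; the first key is the ASCII word "hello" in hex.
SAMPLE_APS = [
    {"name": "ap-lobby", "wep_key": "68656C6C6F", "pspf": False,
     "clients_11b_only": True, "rates_mbps": [1, 2, 5.5, 11, 54],
     "client_addressing": "dhcp"},
    {"name": "ap-dock", "wep_key": "3FA91C07D2E84B65C0179AE2D4", "pspf": True,
     "clients_11b_only": True, "rates_mbps": [1, 2, 5.5, 11],
     "client_addressing": "static"},
]

if __name__ == "__main__":
    for ap in SAMPLE_APS:
        print(ap["name"], audit_ap(ap) or "OK")
    print("suggested key:", new_wep_key())
```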