If you are running a “public” Access Point or are broadcasting your wireless SSID, as is the default setting in most consumer-grade Access Points. Be sure the wireless access points are outside your perimeter firewall, and separated from the other computers that are wired to your network.
MAC address-based ACLs (Access Control Lists) will allow only registered devices to access the network. This is AKA “MAC Filtering”. Each wired and wireless network device MUST have a MAC address - as mandated by the FCC.
Change your SSID immediately! All Access Points come configured with a default SSID (Service Set IDentifier). If you can have the time, regularly change the SSID. Disable the automatic SSID broadcast feature, if you can.
WEP it up tight! WEP is designed to provide wired-like protection by encrypting wireless data as it transmits information. WEP (Wired Equivalent Privacy) is a protocol that encrypts packets during transmission then they are sent, they are unencrypted by the remote end, then routed. Simply put, enable WEP, then immediately change the WEP key from the default. Make a strong WEP key using alphanumerics.
VPN - Virtual Private Network. This is a a secure end-to-end tunnel between user and network. You won’t find this as a standard feature of all Access Points, but an AP that creates an encrypted tunnel between two points is worth the extra money for this security measure.
Check in with RADIUS - Remote Dial-up users of larger companies are often authenticated to use the network through a RADIUS (Remote Authentication Dial-In User Service) server. IT managers can integrate wireless LANs into the existing RADIUS infrastructure to simplify user management.
Simplify your security: integrate wireless and wired policies. For example, a single user name and password for users no matter if they are connecting through your wired or wireless infrastructure.
Avoid a multi brand mess. Watch out for the “Proprietary Hardware Trap”. Also, purchasing only one brand will ensure you will avoid common incompatibilities between vendors who bear the “WiFi Certified” logo on their packaging. Not all vendor equipment will interoperate with another vendor’s equipment. Compare Brands - Actually, this is just common sense. Investigate the features of several low, medium, and higher priced options. Compare the security features of each one to determine your most cost effective purchase.
Don’t allow �Bob in marketing� to sprout a rogue network. WLAN set up is now simple enough that non-technical staff are installing their own wireless routers or access points in their office departments, with little thought for security. Regularly scan the network with intrusion detection tools to root out rogue networks that provide a potentially susceptible hacker entry point. Ensure a policy that restricts WLANs from being established without formal systems administration approval and deployment.
Don�t put all your encrypted eggs into one basket. For example, WEP is one security layer of many and should not be relied on as the sole security measure, despite its role as the pre-eminent encryption security. Many network administrators have learned this lesson the hard way. Pick at least 3 of these TOP 10 tips and make sure you Read The Fine Manual.
Suggestion: HAVE FUN - don’t give up, challenge yourself! You never know, you might learn something new.