Recommendations for WLAN security
Insecurity and risks with WLAN
Because data is transmitted by radio, it can be received by
anyone in the vicinity. This means intrusion into the
company's computer network is easy if the WLAN is not
secured. It is as if you laid an Ethernet cable out to the
street for anybody to connect to.
Competitors or hackers can cause heavy damage to the
company. At "open access points" it would also be easy to
download company data and to surf the internet.
All WLAN equipment delivered by noax is delivered with
unsecured settings.
It is the customer's responsibility to set the WLAN
system to secure parameters.
Precautions
This can be done with the following instructions:
- Change the preset "service set identifier" (SSID or ESSID)
  of the access points to a secure ID of your choice. Avoid
  obvious names such as your company name. Use a mixture of
  small and capital letters and numbers such as
  "37bTw49p8lqfA6".
- Hide the SSID (ESSID) of the access point by activating
  "Disable broadcast SSID". This prevents the access point
  from answering with an SSID when somebody tries to scan the
  network.
- Also change the preset access password. We suggest a
  combination of small and capital letters and numbers here
  too, such as "te5M223Kau7xc32Kki".
- If possible, use a 128-bit WEP key. Caution: this key
  might be found with special software tools. If the key is
  found, all data traffic can be read.
- Reduce the WLAN transmission range to the minimum
  necessary for safe reception. Install suitable antennas
  (directional antennas if necessary) to cover only your safe
  area. Using a notebook with WLAN capability, test for
  reception outside your company's area and adjust the access
  point antennas until there is no reception.
- Disconnect the access point when it is not needed (outside
  your working hours).
- Activate the "test of the Client-MAC-addresses". This makes
  you safer from unknown hardware.
- For really sensitive data we recommend a "Virtual Private
  Network" (VPN). The VPN runs on top of the regular WLAN
  protocol and encrypts the data with its own protocol.
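
The checklist above as an added example (not noax code): a Python audit of an access point's settings against the items that can be read from its configuration. The setting names, the preset values and "ExampleCorp" are hypothetical, and the WEP size is inferred from key length (26 hex digits or 13 characters for 128 bit).

```python
import re
import secrets
import string

def is_mixed(s):
    """True if s has small letters, capital letters and numbers."""
    return (any(c.islower() for c in s) and any(c.isupper() for c in s)
            and any(c.isdigit() for c in s))

def random_id(length=14):
    """Random letters and digits from the OS CSPRNG, all three classes present."""
    alphabet = string.ascii_letters + string.digits
    while True:
        s = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_mixed(s):
            return s

def wep_key_bits(key):
    """Nominal WEP size: 10 hex digits or 5 characters = 64 bit,
    26 hex digits or 13 characters = 128 bit, anything else = 0."""
    if re.fullmatch(r"[0-9A-Fa-f]+", key) and len(key) in (10, 26):
        return 64 if len(key) == 10 else 128
    return {5: 64, 13: 128}.get(len(key), 0)

def audit(cfg, preset, obvious_names):
    """Return the checklist items that cfg still violates."""
    ssid, pw = cfg["ssid"], cfg["admin_password"]
    checks = [
        (ssid == preset["ssid"], "SSID is still the preset value"),
        (any(n.lower() in ssid.lower() for n in obvious_names), "SSID contains an obvious name"),
        (not is_mixed(ssid), "SSID does not mix small/capital letters and numbers"),
        (cfg["broadcast_ssid"], "SSID broadcast is not disabled"),
        (pw == preset["admin_password"] or not is_mixed(pw), "access password is preset or not mixed"),
        (wep_key_bits(cfg["wep_key"]) != 128, "WEP key is not 128 bit"),
        (not cfg["mac_filter"], "client MAC address check is off"),
    ]
    return [msg for failed, msg in checks if failed]

# Constructed sample data; key names and values are hypothetical.
PRESET = {"ssid": "default", "admin_password": "admin"}
WEAK = {"ssid": "ExampleCorp", "broadcast_ssid": True, "admin_password": "admin",
        "wep_key": "0123456789", "mac_filter": False}
HARDENED = {"ssid": random_id(), "broadcast_ssid": False,
            "admin_password": random_id(18), "wep_key": secrets.token_hex(13),
            "mac_filter": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, PRESET, ["ExampleCorp"]))
```

Antenna coverage and switching the access point off outside working hours are not visible in the settings and still have to be checked on site.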