4.4 Securing Wireless LAN Connections If SSL Is Disabled

Protecting a wireless network requires forethought and planning, just as protecting a wired network does. Among the key protective measures to be undertaken are:

  • Enable WEP (Wired Equivalent Privacy) encryption, but do not rely on WEP alone to provide security for the wireless network. Use other typical LAN security mechanisms such as VPNs, firewalls, and authentication to ensure privacy. For information, see Section 4.3, Securing Communications with a VPN If SSL Is Disabled.

  • Survey the interference and jamming likelihood for a planned wireless LAN before it is installed.

  • Change the default manufacturer’s password for your wireless access points, gateways, or routers.

  • Limit, as much as is possible, who can attach to a wireless network. For example, using MAC address filtering is practical for small networks, but it is a time-consuming administrative effort for large networks.

  • Use an anonymous Service Set Identifier (SSID) by turning off the SSID broadcast for access points.