Wireless LAN – WLAN
BAT54-Rail/F..
Release
7.54
06/08
3.3
Protecting the wireless network
45
3.3 Protecting the wireless
network
A wireless LAN does not, like conventional LAN, use cable as the transmit-
ting medium for data transfer, but the air instead. As this medium is openly
available to any eavesdropper, the screening of the data in a WLAN is an im-
portant topic.
Depending on how critical WLAN security is for your data, you can take the
following steps to protect your wireless network:
V Activate the "Closed network function". This excludes all WLAN clients
using "Any" as the SSID, and those that do not know your network SSID.
(’Network settings’ → page 79)
V Do not use your access point's default SSID. Only take a name for your
SSID that cannot be guessed easily. The name of your company, for ex-
ample, is not a particularly secure SSID. (’Network settings’ → page 79)
V If you know exactly which wireless network cards are permitted to access
your WLAN, you can enter the MAC addresses of these cards into the ac-
cess control list, thus excluding all other cards from communications with
the access point. This reduces access to the WLAN only to those clients
with listed MAC addresses. (’Access Control List’ → page 54)
V Use encryption on the data transferred in the WLAN. Activate the stron-
gest possible encryption available to you ((802.11i with AES, WPA or
WEP) and enter the appropriate keys or passphrases into the access
point and the WLAN clients (’Encryption settings’ → page 57 and ’WEP
group keys’ → page 60).
V Regularly change the WEP key. Also change the standard key (’Encryp-
tion settings’ → page 57) in the configuration. Alternatively, you can use
a cron job to automatically change the key every day, for example (’Reg-
ular Execution of Commands’ → page 491). The passphrases for 802.11i
or WPA do not have to be changed regularly as new keys are generated
for each connection anyway. This is not the only reason that the encryp-
tion with 802.11i/AES or WPA/TKIP is so much more secure that the now
aged WEP method.
V If the data is of a high security nature, you can further improve the WEP
encryption by additionally authenticating the client with the 802.1x method
(’IEEE 802.1x/EAP’ → page 83) or activate an additional encryption of the
WLAN connection as used for VPN tunnels (’IPSec over WLAN’
→ page 84). In special cases, a combination of these two mechanisms is
possible.
To Next Page
Loading...
Need help?
General
