[Kiijo]

Hello,

I've just set up a Wireless Network. It's working fine, however I'd like to improve the security and am unfamiliar with the various security settings. I've looked over the options but they are rather confusing and I'm wondering how secure the network needs to be. Essentially I'd like to be able to control who can access the wireless LAN and give permissions to specific people who should be able to access it.

Thanks,
Rob

[Advertisements]

Please give a detailed description of computers and networking hardware you are using.

-=jonnyrotten=-

[-=jonnyrotten=-]

Please give a detailed description of computers and networking hardware you are using.

-=jonnyrotten=-

[Kiijo]

First I should start by saying that this network is for a small non-profit company, for which I work. My job is not IT related, but because we are so small there is no IT person and because no one else in the business knows more than I do, I have become the default IT person on top of my usual responsibilities.

Our network is a bit extensive. The reason this all came up is that we actually added a new piece to it and that's when I became aware of its potential vulnerability. Here's goes nothing though...

We have a SMC Cable Gateway (rented from Comcast) connected to our switch, which feeds into our main office's LAN. Also connected to the switch is a Cisco 340 Aironet Wireless Workgroup Bridge, sending a wireless signal to 4 other buildings. Then in another building we have a Cisco 340 Aironet Wireless Access Point grabbing and extending that signal. Then there are 2 additional buildings with Cisco 340 Aironet Wireless Workgroup Bridges grabbing that signal. All of this has been set up and running for years (and before I came into the picture) and is running 802.11b (11mbps max).

We recently decided to add availability to another building. We purchased a Netgear WGE101 54 mbps Wireless Ethernet Bridge (802.11b/g). As I researched these things I became acutely aware of the vulnerability of Wireless network and wanted to find out what I can do to prevent any attack on our LAN.

Hope that's helpful, and please let me know if there is any further info I can provide, thanks in advance!
Rob

[-=jonnyrotten=-]

I would suggest making sure all communications require certificates. Therefore no one can optain an IP address wirelessly and connect to your network because they will not have a valid trusted certificate. Next in order to make sure no one can capture your information wirelessly I would make sure the wireless connections between the buildings is encrypted with IPSec (3des). That way even if someone captures your info it will be impossible to decrypt it. Only implement IPSec between the buildings, if you have it all over the network, network traffic will be substantially higher and will take way too long to communicate.

-=jonnyrotten=-

[Kiijo]

I would suggest making sure all communications require certificates.  Therefore no one can optain an IP address wirelessly and connect to your network because they will not have a valid trusted certificate.  Next in order to make sure no one can capture your information wirelessly I would make sure the wireless connections between the buildings is encrypted with IPSec (3des).  That way even if someone captures your info it will be impossible to decrypt it.  Only implement IPSec between the buildings, if you have it all over the network, network traffic will be substantially higher and will take way too long to communicate. 

-=jonnyrotten=-

We do not run a DHCP server, so all of our IP's are assigned and static. Is that enough protection to avoid potential attackers?

I've never heard of IPSec encryption. Could you please detail what it is and how I would go about setting it up?

Thanks,
Rob

[-=jonnyrotten=-]

Which OS are your servers running?

-=jonnyrotten=-

[Kiijo]

Win 2k

Users are XP/98/Mac OS10 mix

[-=jonnyrotten=-]

Basically what will need to be done is configure the Cisco wireless components that communicate to the other ones in the other buildings to use IPSec encryption. That is an Encryption by microsoft that comes with windows server 2000, xp, and 2003 server. I know you can configure wireless routers to run Ipsec mode, but I'm not sure how. It would probably be either on the router itself or on the computer that you use to configure the router. Who actually set up these components? It might be running already. What it would do is encrypt the data sent through the air and only the receiving end would be able to unencrypt it, very secure.

-=jonnyrotten=-

[Geek3point0]

RTM for steps because im not familiar with your routers user interface...


One Good measure above encryption would be to whitelist mac addresses.... record the mac address of wireless cards authorized for use, find the Tap that says Allow only specified MAC addresses and enter em.

Just my 2pennies