Summary

This chapter has introduced several ways to secure your LAN. Although none of these methods alone will guarantee security, the combination of several can greatly increase your protection. The "art" of security management does not lie in simply knowing how to lock everything down. Rather, in requires you to optimize the balance between functionality and security, and to build a WLAN based on this optimal design.

For example, one group at NASA has developed a secure Wireless Firewall Gateway that incorporates the use of a hardened computer running OpenBSD with two NICs and one WNIC. This computer-based access point uses a dynamically-updated firewall tied into a RADIUS server. The user is authenticated through a secure Web page using SSL. Once authenticated, the firewall's policy table is updated with the user's particular access level. Auditing is possible because the user is given a traceable IP address, which can be tied to all network activity.

Although designing and administering such a configuration takes skill and perseverance , this example should nevertheless inspire you. If you have a WLAN, take the time to consider the ways in which it can be hacked. Hackers can use WEP cracking, ARP attacks, sniffers, and more to own you. Each method of attack requires its own corresponding protection. Although WEP or MAC filtering will stop the vast majority of unskilled hackers, your network deserves the utmost protection. By thinking like a hacker, you will be better equipped to defend yourself.