Hardening your wireless network will be covered in much more detail in Chapter 8. However, what you can do right now is locate and remove all wireless access points that you do not need or did not plan properly. This may sound like a little bit of overkill, but it isn't. If you have not developed a wireless security plan and implemented your wireless network by restricting IP addresses and implementing encryption and authentication, you need to unplug everything and start over, building a secure wireless network from scratch. If you must run wireless, you can do the following four tasks to harden your wireless network against attack:
Require a written wireless security policy that allows only IT-supported wireless products, implemented only by IT. If an employee goes out and buys the latest, cheapest personal wireless access point or router, that should be grounds for dismissal.
Only allow authorized MAC addresses to connect to your wireless network.
Require Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), or 802.11i for encryption. Be aware that WEP has been compromised, but it is still better than clear text.
Require authentication via shared secret key, 802.1x, RADIUS authentication, or certificates as supported by your devices.
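As an added example (not from the original text), the script below audits a site-survey export against an inventory of IT-approved access points, flagging access points to locate and remove and approved ones that run without encryption or with WEP. The CSV column names, the BSSIDs, and the survey rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed inventory of IT-approved access points (BSSIDs are made up).
APPROVED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
# Encryption modes the list above accepts, upper-cased for comparison.
ACCEPTED_ENCRYPTION = {"WEP", "WPA", "802.11I"}

# Constructed site-survey export; the column names are an assumption.
SURVEY_CSV = """bssid,ssid,encryption
00-11-22-33-44-55,corp-wlan,WPA
0011.2233.4466,corp-wlan,WEP
DE:AD:BE:EF:00:01,linksys,open
00:11:22:33:44:77,corp-wlan,802.11i
00:11:22:33:44,guest,WPA
"""


def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(survey_csv, approved):
    """Return (bssid, ssid, verdict) for every access point in the survey."""
    approved = {normalize_mac(m) for m in approved}
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        mac = normalize_mac(row["bssid"])
        enc = row["encryption"].strip().upper()
        if mac is None:
            verdict = "unparseable-bssid"   # check by hand, do not skip
        elif mac not in approved:
            verdict = "unauthorized-ap"     # not IT's: locate and unplug
        elif enc not in ACCEPTED_ENCRYPTION:
            verdict = "no-encryption"
        elif enc == "WEP":
            verdict = "weak-encryption"     # WEP has been compromised
        else:
            verdict = "ok"
        findings.append((row["bssid"], row["ssid"], verdict))
    return findings


if __name__ == "__main__":
    for bssid, ssid, verdict in audit(SURVEY_CSV, APPROVED_BSSIDS):
        print(f"{bssid:20} {ssid:10} {verdict}")
```

The fourth row advertises the corporate SSID with strong encryption but is still flagged, because the check keys on the inventoried BSSID rather than on the network name.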