Managing Spectrums to Avoid Denial of Service

Should you choose 802.11a, 802.11b, or 802.11g? Depending on your current investment and infrastructure you might be able to avoid brute force denial of service attacks just by "changing the channel." This can be accomplished by using a lesser used frequency or compression scheme.

Keeping in mind that approved IEEE standards will have an affect on which implementation wireless technology manufacturers will roll out. These decisions also are going to be affected by market conditions and adoption rates. You should choose the most compatible wireless equipment that meets your company's application needs.

Choosing Your Channel

802.11a uses 12 non-overlapping channels from 5.725 through 5.875 GHz. This might be a good alternative for reducing interference by devices such as cordless phones, Bluetooth devices, and microwaves . This would be recommended for smaller businesses that don't require strong security.

802.11b and 802.11g non-overlapping channels:

• Channel 1 (2.412 GHz)

• Channel 6 (2.437 GHz)

• Channel 11 (2.462 GHz)

Protecting Yourself from Internal Interference

In larger wireless network deployments many of the interference and RF signal problems that arise come from internal sources. By knowing the physical layout of your buildings as well as the existing RF interference you can work around or reduce these problems down the road.

Conducting an RF site survey of your environment is critical to protecting your WLAN from interference and obstructions. After you map out the signal levels take note of both internal and external access points.

Keep an accurate inventory of authorized access points. Using the reports from your site survey software, you should document the location and MAC address of each of your access points. Performing ongoing site surveys will make you aware of new rogue access points.

Creating a company or organization operations policy concerning authorized wireless access points will greatly reduce your administrative nightmares. By creating a method in which to incorporate wireless access points where rogues are popping up you can keep your end users happy.

Protecting the Wireless Network

Keeping people from snooping around your network probably isn't going to happen. What you can do is reduce the ability for them to successfully gain access to your network resources. This will need to take place on several fronts. You'll need to lock down your systems as well as your wireless access points.

There are many vendors of wireless access points, bridges, and network cards. The amount of security features that they implement varies. Depending on your company's budget and the age of the equipment in place you might want to start with the basics:

• Ensure AP and NIC firmware is up to date

• Mount AP out of reach to avoid "hard reset"

• Change your AP's default administrator password

• Don't allow remote management

• Change your SSID name

• Don't broadcast your SSID

• Use MAC layer filtering

• Activate WEP (some older/entry level APs don't support 802.11x)

• Use 802.11x for dynamic key exchange (best security)

By taking these measures you will be able to keep the honest people honest. Those who have the time and tools might still be able to access the wireless network. That's where the next layer of defense comes into play. To protect the company's data, the internal networking equipment and operating systems need to have the same if not more security in place.