In addition, PSKs are very difficult to administer on large networks because when the PSK is changed (e.g., when an employee leaves the company), every client on the network must be configured with the new PSK. This lesson describes methods to protect your network from attack and provides denial-of-service best practices.
This three-part expert lesson provides best practices for securing a WLAN in the enterprise.
Lesson 1 focuses on methods of systematically monitoring your WLAN for intruders and ways to proactively reduce network discovery.
Neither action actually reduces the likelihood that an intruder will discover the WLAN.
We recommend the following best practices: Some high-risk enterprises may want to use directional antennas in order to have greater control over signal propagation compared with omni-directional antennas.
This type of wireless connection can lead to a man-in-the-middle attack.
A wireless intrusion detection system (WIDS) can monitor for rogue APs and unauthorized devices, maintain policy adherence, and look for anomalous or suspicious behavior.
(Note that the IEEE is working on a proposal [802.11w] to strengthen management frame security.) Some security professionals recommend disabling the SSID broadcast in beacon frames and disabling the probe response frame for the broadcast SSID. The first action increases WLAN traffic because it forces all stations on the network to scan for a valid AP by periodically transmitting probe requests.
The second action forces a network administrator to manually configure the SSID on every station.
Aim directional antennas toward the interior of the building in order to minimize RF signal leakage outside the building.
Network intrusion Network intrusion causes unauthorized network traffic that may be targeted to exploit vulnerabilities on systems or be associated with malicious code (e.g., worms and Trojan horse programs), or it may result in traffic that violates the organization's acceptable-use policy.
We recommend the following best practices: This lesson describes best practices for maintaining strong user authentication and data privacy on a WLAN.