User's Manual
APPENDIX E
SECURITY
Revised: 23 Jan 08 APX E-3 EST P/N AA107G
7. Many access points allow you to control access based on the MAC address of the NIC attempting to associate with it. If the
MAC address of your NIC isn't in the table of the access point, you won't associate with it. And while it's true that there are
ways of spoofing a MAC address that's been sniffed out of the air, it takes an additional level of sophistication to spoof a MAC
address. The downside of deploying MAC address tables is that if you have a lot of access points, maintaining the tables in
each access point could be time consuming. Some higher-end, enterprise-level access points have mechanisms for updating
these tables across multiple access points of the same brand.
8. Consider using an additional level of authentication, such as Remote Access Dailin User Service (RADIUS), before you permit
an association with your access points. While it's not part of the 802.11b standard, a number of companies are optionally
including some provision for RADIUS authentication.
9. If you're deploying a wireless router, think about assigning static IP addresses for your wireless NICs and turn off Dynamic
Host Configuration Protocol (DHCP). If you're using a wireless router and have decided to turn off DHCP, also consider
changing the IP subnet. Many wireless routers default to the 192.168.1.0 network and use 192.168.1.1 as the default router.
10. Don't buy Access Points or NICs that only support 64-bit WEP.
11. Only purchase Access Points that have flashable firmware. There are a number of security enhancements that are being
developed, and you want to be sure that you can upgrade your access point.
12. A simple security technique used by the military is to have the administrator periodically change the key for the system i.e.
weekly, monthly, etc.