For example, "use Wi-Fi Protected Access 2 (WPA2) security" is a technology best practice, whereas "train employees not to connect to ad hoc WLANs" is a procedural best practice.Network discovery Network intruders use a variety of methods to discover the existence of WLANs and their corresponding service set identifiers (SSIDs).
(Note that the IEEE is working on a proposal [802.11w] to strengthen management frame security.) Some security professionals recommend disabling the SSID broadcast in beacon frames and disabling the probe response frame for the broadcast SSID. The first action increases WLAN traffic because it forces all stations on the network to scan for a valid AP by periodically transmitting probe requests.
The second action forces a network administrator to manually configure the SSID on every station.
Aim directional antennas toward the interior of the building in order to minimize RF signal leakage outside the building.
Neither action actually reduces the likelihood that an intruder will discover the WLAN.
We recommend the following best practices: Some high-risk enterprises may want to use directional antennas in order to have greater control over signal propagation compared with omni-directional antennas.
Lessons 2 and 3 focus on how to protect users and the network, respectively. Federal Treasury may be different from best practice for a fast-food retailer.Best practice definition For wireless security, "best practice" is a relative term. This is because each enterprise may assess wireless risk differently.This three-part expert lesson provides best practices for securing a WLAN in the enterprise.Lesson 1 focuses on methods of systematically monitoring your WLAN for intruders and ways to proactively reduce network discovery.Intruders can use shareware, such as Net Stumbler, combined with a high-gain antenna to scan for the existence of WLANs.Unfortunately, it is nearly impossible to hide the existence of a WLAN or the SSID because management and control frames are not encrypted.