CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [274]
■ Change the default SSID.
■ Disable SSID broadcasts.
■ Disable DHCP or use reservations.
■ Use MAC filtering.
■ Use IP filtering.
■ Use the strongest security available on the wireless access point: WEP, Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and so on.
■ Change the static security keys on a two- to four-week basis.
■ When new wireless protection schemes become available (and reasonably priced), consider migrating to them.
■ Limit the user accounts that can use wireless connectivity.
■ Use a preauthentication system, such as RADIUS.
■ Use remote access filters against client type, protocols used, time, date, user account, content, and so forth.
■ Use IPSec tunnels over the wireless links.
■ Turn down the signal strength to the minimum needed to support connectivity.
■ Seriously consider removing wireless from your LAN.
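One way to check several items from the checklist above against an access point configuration, as an added example that is not from the book. It assumes the access point is driven by hostapd (the page names no product); the SSID list, addresses and keys are constructed sample values.

```python
# Added example, not from the book: audit a hostapd-style AP config against the checklist.
# Assumption: the access point runs hostapd; all sample values below are constructed.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # illustrative vendor defaults

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the checklist items this configuration fails."""
    c = parse_conf(text)
    findings = []
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default SSID in use")
    if c.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID broadcast enabled")
    if c.get("macaddr_acl", "0") == "0":  # 1 = accept list, 2 = RADIUS lookup
        findings.append("no MAC allow-list")
    if any(k.startswith("wep_key") for k in c):
        findings.append("WEP keys configured")
    if not int(c.get("wpa", "0")) & 2:  # bit 1 of wpa= selects WPA2 (RSN)
        findings.append("WPA2 not enabled")
    if c.get("ieee8021x") != "1" or "auth_server_addr" not in c:
        findings.append("no RADIUS (802.1X) authentication")
    return findings

WEAK = """
ssid=linksys
wep_default_key=0
wep_key0=1234567890
"""

HARDENED = """
ssid=lab-7f3a
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```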
Wireless discussions sometimes include mobile devices, which are not 802.11 wireless networking devices themselves but instead rely on specialized services that provide limited Internet connectivity to cell phones, PDAs, and pocket PCs. These devices often use WAP or an equivalent communication protocol suite. Unfortunately, providers are required by the Communications Assistance for Law Enforcement Act of 1994 (CALEA) to make wiretaps possible on all forms of communications offered, regardless of the technologies employed (requiring a search warrant for actual use, of course). This is lovingly referred to as “the gap in WAP.” Therefore, if you want security over a wireless mobile device, your handheld device and the server you ultimately communicate with must have their own encryption scheme rather than relying on the encryption provided by the provider’s service.
You should be aware that malicious entities could be actively seeking to eavesdrop on all of your communications. In addition to personally imposed encryption for handheld devices, be careful of what is actually discussed or communicated over your mobile devices. Even if someone can’t grab the information while in transit, it is possible they can look over your shoulder at your screen or be within earshot of your voice. There are many ways to collect data; in order to be secure, you need to be aware of all of them and provide protection against all of them.
Appendix B
Workbook Exercises
This appendix consists of 50 lab exercises that you can perform to become more familiar with security features available in popular operating systems and utilities. It is recommended that you perform these exercises on lab machines and never in a production environment. As was discussed in Appendix A, using production machines and failing to take precautionary steps could result in performing actions that are against company policy, that violate your assigned privileges, or that may actually be criminal activity. You are responsible for the results of your own actions. In other words, perform these exercises on your own machine(s) in a lab of your own.
The recommended setup for these exercises is as follows:
■ Two workstations running Windows XP Professional with network and Internet access. You should have administrator privileges on both and the Internet Explorer or Firefox browser installed.
■ One workstation running the latest version of openSUSE with network and Internet access. You should have root privileges and the Firefox browser installed.
None of the labs intermingle openSUSE with Windows XP, so it is possible to have openSUSE installed on one of the workstations that also has Windows XP. The workstation can be configured in a dual-boot scenario, or you can have virtualization software such as VMware Player installed.
If you are comfortable with a Linux distribution other than openSUSE, you can use that instead and substitute any lab instruction referencing YaST for the configuration utility present in that distribution.
Most Linux distributions—including openSUSE—give you the ability to download a bootable CD (see http://en.opensuse.org/Download).