We plan to secure our small business wireless network using WPA2-PSK. Does this keep us safe from war drivers? Are there other things we need to do?
This depends on what you mean by safe. Being in the security business, I tend to be skeptical of any one single protection. I prefer defense in depth. Think of your bank as an example of strong, layered security: guards, cameras, locks, safes, etc. Deploying many layers of security makes it much harder for an attacker to overcome the combined security mechanisms. This is the concept of defense-in-depth. It is about building security in layers. If one layer is breached, you have multiple layers beneath it to continue protecting the assets of your organization. Defense-in-depth is about finding a balance between the protection cost and the value of the informational asset.
Here are a few basic ideas to get you thinking. Make sure the access point is physically secure so that no one can physically touch the device. Consider limiting what MAC addresses can connect to the AP. A frequent provisioning for guest access is to place the guest AP in the DMZ. Whether or not employees should be placed in the DMZ depends on the needs and philosophies of the corporation. Proper security and the need for rapid communication usually require users to attach APs as trusted. Perform a site survey to determine that the AP is properly placed. Also, don't forget to consider that your AP may not be the only one. There might also be rogue APs that others have connected to the network. I hope this gives you some ideas to get started.
This was first published in February 2008
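The site survey and rogue AP points above can be turned into a repeatable check. The following is an added example, not part of the original answer: it compares a survey export against an inventory of authorized APs. The CSV layout, the SSIDs and BSSIDs, the function names and the -65 dBm "nearby" threshold are all constructed assumptions.

```python
import csv
import io

# Constructed inventory of authorized APs: BSSID -> expected SSID and security mode.
AUTHORIZED = {
    "00:11:22:33:44:01": {"ssid": "AcmeCorp", "security": "WPA2-PSK"},
    "00:11:22:33:44:02": {"ssid": "AcmeGuest", "security": "WPA2-PSK"},
}

# Constructed site-survey export (hypothetical column layout).
SURVEY_CSV = """ssid,bssid,channel,security,signal_dbm
AcmeCorp,00:11:22:33:44:01,6,WPA2-PSK,-48
AcmeGuest,00:11:22:33:44:02,11,WEP,-55
AcmeCorp,66:77:88:99:AA:BB,6,WPA2-PSK,-40
linksys,CC:DD:EE:FF:00:11,1,OPEN,-52
CoffeeShop,12:34:56:78:9A:BC,3,WPA2-PSK,-88
"""

def classify(row, authorized, corp_ssids, near_dbm=-65):
    """Return a verdict for one surveyed AP."""
    bssid = row["bssid"].strip().upper()
    ssid = row["ssid"].strip()
    known = authorized.get(bssid)
    if known:
        # An inventoried AP that drifted from its expected settings.
        if ssid != known["ssid"] or row["security"].strip() != known["security"]:
            return "misconfigured"
        return "ok"
    if ssid in corp_ssids:
        # Unknown radio advertising one of our network names.
        return "impersonating"
    if int(row["signal_dbm"]) >= near_dbm:
        # Strong signal suggests the device is on or near the premises.
        return "unknown-nearby"
    return "neighbor"

def audit(survey_csv, authorized=AUTHORIZED):
    """Return (bssid, ssid, verdict) for every AP that needs follow-up."""
    auth = {k.upper(): v for k, v in authorized.items()}
    corp_ssids = {v["ssid"] for v in auth.values()}
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        verdict = classify(row, auth, corp_ssids)
        if verdict not in ("ok", "neighbor"):
            findings.append((row["bssid"].strip().upper(), row["ssid"].strip(), verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(SURVEY_CSV):
        print(*finding)
```

An "unknown-nearby" result only says an unlisted radio is close; confirming whether it is actually plugged into the wired network still requires checking switch ports or tracing the device physically.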