Skip navigation

Tweaking Wi-Fi APs for Better Security

Security has become even more important due to the spread of wireless networking. As a result, we've seen several new wireless security companies spring to life and subsequently grow by leaps and bounds. These companies make specialized solutions that consist of proprietary hardware and software that guard wireless networks against a wide range of potential intrusions.

Even if you have one or more of these specialized tools in place, you can improve your wireless security, particularly by adjusting the operation of your Access Points (APs). For example, you can manage AP transmission output power and shape the pattern and direction of signal transmission.

Although I don't know of any APs that ship from the manufacturer with built-in configuration settings that let you adjust transmission power levels, they might exist. If so, you could turn down the transmission power output level to reduce the distance that the signals will propagate. This helps limit the vicinity in which potential intruders can operate.

If your AP doesn't include such a feature, you could possibly install third-party firmware for your AP that does provide such support. Several third-party firmware solutions are available for hardware based on Broadcom chipsets, such as Cisco Systems, Linksys, Buffalo Technology, ASUS, Motorola, Siemens, U.S. Robotics, and NETGEAR APs.

Last week I downloaded a third-party firmware package, installed it to an AP, and configured it according to my needs in under 30 minutes. Like most AP firmware, the third-party solution has an intuitive interface, so I didn't need to read any detailed documentation to make it work right.

As a result of installing the third-party firmware, I was able to configure that AP to reduce transmission output from 20 milliwatts (mW) to about 3 mW, which is all that I need for that particular office space. As a result, any would-be intruders would have to be physically in the office before they could get a usable connection to that wireless network. The end result is stronger security for only a few dollars.

Using third-party firmware offers other benefits. For example, the firmware I installed supports a custom desktop client that interacts with the AP. Using that client, I can see all the AP's connections; view all broadcasting clients on the wireless network, including those not connected to that AP; measure bandwidth usage; and more.

Other benefits include the ability to run Secure Shell (SSH) server directly on the AP for remote access and administration. Doing so means that I don't have to expose a Web interface. I could also establish a PPTP VPN server, Quality of Service (QoS) and bandwidth management parameters, and virtual LANs; quickly block peer-to-peer (P2P) clients; configure IPv6; use a remote syslog server; force the use of Wi-Fi Protected Access (WPA) and WPA2 authentication; and even configure a way for guests to easily use the wireless network to surf the Internet when visiting the office. Third-party firmware also offers many other features that I don't have room to discuss here.

The bottom line is that third-party firmware is easy to install and use, doesn't require any specialized skills or knowledge for everyday use, is incredibly cheap to obtain and administer, and strengthens your overall wireless security. If you do have advanced skills, you can easily add on to third-party firmware solutions to extend the capabilities even further. For example, you could add a mini-Web server, a controlled access public hotspot interface, Voice over IP (VoIP) capabilities, Remote Authentication Dial-In User Service (RADIUS) authentication, and more.

If you're interested in more information about third-party AP firmware, please send me a quick email message (send to mark at ntshop dot net -- even an anonymous message is all right) to express your interest. Use "AP Firmware" as the subject of your email so that I can quickly locate your message in my inbox. If there's enough interest, I could write about how to decide which firmware might be best for your needs, where to find it, how to quickly and easily get it working for better security in your environment, and how to extend its functionality even further.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish