Summary

Chapter 16: Advanced Security 15■■Service set identifier (SSID) broadcasting: The wireless SSID broadcasts the identityof the network. Turning off the SSID makes the network seem to disappear, but this isan unreliable form of wireless network security.Wireless antennas: The gain and signal pattern of the antenna connected to a wirelessaccess point can influence where the signal can be received. Avoid transmitting signalsoutside of the network area by installing an antenna with a pattern that serves your networkusers.Remember to do the following when configuring wireless security:■■■■■■Configure WEP.Configure WPA.Configure MAC address filtering.Disable any unused wireless connections.Change default SSID.Select appropriate antennas.To improve the security of your wireless device, you should implement as many securityoptions as possible. For example, this means combining things such as implementing WEPand changing the SSID to improve security.Describe Configuring Firewall TypesA firewall selectively denies outside users from establishing connections to a computer ornetwork segment. Firewalls generally work by opening and closing the ports that variousapplications use. By opening only the required ports on a firewall, you are implementing arestrictive security policy. Any packet not explicitly permitted is denied. In contrast, a permissivesecurity policy permits access through all ports except those explicitly denied. Atone time, software and hardware were shipped with all settings being permissive. As manyusers neglected to configure their equipment, the default permissive settings left manydevices exposed to attackers. Most devices now ship with settings as restrictive as possible,while still allowing easy setup.Software firewalls usually exist as a software application running on the computer beingprotected, or as part of the operating system. There are several third-party software firewalls.There is also a software firewall built into Windows XP, as shown in Figure 16-8.