Securing the networks should include the following:
- Wireless specific
- Changing default SSID
- Setting encryption
- Disabling SSID broadcast
- Antenna and access point placement
- Radio power levels
- WiFi Protected Setup (WPS)
- Change default usernames and passwords
- Enable Media Access Control (MAC) filtering
- Assign static IP addresses
- Firewall settings
- Port forwarding/mapping
- Disabling ports
- Content filtering/parental controls
- Update firmware
- Physical security
- Have a defined security policy.
- Have a defined security mitigation procedure.
Process/Skill Questions:
- How would an attack on a new department store be designed to feel out vulnerabilities ?
- What is MAC address spoofing?
- How does the configuration of two wireless routers from different companies in our lab differ in their controls?
- What is the security benefit of static vs. dynamic IP addressing?
- What should a business owner do if a network breach is suspected?