ChangethedefaultSSID: Although this will not prevent hackers breaking into a network, using a default SSID acts as an indication that the user is careless. So he may be an obvious target to explore further to see if he still uses the default passwords as well?
Attacksmitigated:War driving
Restrict access by assigning static IP addresses and MAC filtering: Disable automatic IP assigning feature and use private static IPs to the legitimate devices you want to connect. This will help you in blocking unwanted devices from being connected to your network. Also, enable MAC filtering- router remembers MAC of each and every device connected to it and saves it as list. You can use this facility to restrict access. Only a set of trusted devices can be allowed to connect. However MAC spoofing is still possible but it raises an extra bar for your wireless network.
Turn off your router when not in use:Last but not least, a little obvious, but it will save your network from all the attacks for that time period.
1.7.2.3 Wi-Fi in a Corporate/Enterprise Network
Due to the nature of activity and criticality of information, it is very important that Corporate / Enterprise networks have a higher degree of security.
The following are good to have:
Defining an adequate organization wide Information Security policy & procedures for wireless network
SSID‟s should not be associated with the organization, AP vendor or any other related information which would be easy to guess or associate with the current organization
Use of VPN while accessing corporate information from Public Wi-Fi network
Client side utilities like DecaffeintIDcan help in detecting changes in ARP table and serve as common man‟s IDS to protect against attacks like „hole196‟ and DoS.
Implementation of Wireless IDS. Wireless IDS is a new concept. The key features of Wireless IDS are: