Client security is important, because simply securing the access point does
not protect a wireless network. After the weaknesses of the access points are
protected, attacking clients becomes the easiest way to gain access to the
network. Proper security for clients should be specified in the wireless
security policy. This includes security measures such as virus scanning,
personal firewalls, and keeping the client programs and operating systems
up-to-date.
Additional security for wireless clients may be desirable.
For example, WEP should be enabled when possible. As discussed earlier, static
WEP has weaknesses. Additional security features, like temporal key integrity
program (TKIP), Per-packet keying, and Message Integrity Check (MIC) need to be
enabled for additional security. This will be covered in the enterprise
encryption section.
Figures
and
show the
Aironet Client Utility (ACU) screen for configuring WEP keys. In addition to
the clients, APs and bridges must be secured using WEP
.
No matter
which type of authentication is used, the WEP keys entered on the client and
the access point must match. The keys themselves must match, and the order of
the keys must match. For example, a 40-bit key entered as Key 1 on the client
must match the 40-bit key entered as Key 1 on the access point.