In Lesson 3 of Wireless Security Lunchtime Learning, you'll learn the pros and cons of the various wireless access protocols so that you can choose the best method to control, authenticate and authorize access to your WLAN.
Use the sidebar on your right to navigate to this lesson's video and three companion tips. Also, navigate to the quiz at the end to test what you've learned.
Also be sure to check out the lower sidebar, which features links to the other lessons in our Wireless Security Lunchtime Learning series.
Video: Who goes there? Securing wireless access
Tip: 802.1X Port Access Control: Which version is best for you?
Tip: How to configure VLANs with 802.1X for WLAN authorization
Tip: Defeating evil twin attacks
Quiz
Wireless encryption is essential, but addresses only part of the security problem. Security measures are also needed to permit or deny WLAN access, authenticate stations and users, and determine the destinations and applications that each is authorized to reach. This webcast describes readily-available alternatives, from MAC ACLs and captive portals to Preshared Secret Keys and 802.1X Port Access Control.
802.1X/EAP can provide robust, granular WLAN access control and authentication, but can your organization afford the "WPA-Enterprise" approach? This tip recommends alternatives for companies that are concerned about securing WLAN access, yet faced with limited IT staff and budget. Whether the answer is outsource, open source or make the best of "WPA-Personal," this tip will help you understand associated costs and consequences.
802.1X Port Access Control provides an extensible framework for authenticating and authorizing WLAN usage. But 802.1X is merely an envelope that carries some type of Extensible Authentication Protocol (EAP). More than 50 EAP Types have already been defined; how do you know which one(s) to use? This tabular tip provides a direct comparison of the most popular EAP Types used with 802.1X today, the authentication methods supported by each, known vulnerabilities associated with them and suitable usage environments.
Many WLAN owners know that 802.1X/EAP makes it possible to authenticate individual wireless users. But did you know that 802.1X can also be used to funnel wireless traffic onto VLANs, enforcing user or group-based permissions? This tip explains how to use RADIUS attributes returned by 802.1X to supply VLAN tags, establishing that critical link between authentication and authorization.
Evil Twin attacks -- also known as AP phishing, honeypot APs or hotspotters -- pose a clear and present danger to wireless users in public and private WLANs. This tip describes several steps that your company can take to defend employees against this poorly-understood attack. Learn why SSL or SSH may not be enough to protect your users, and how 802.1X mutual authentication can help defeat these phony APs.
Securing wireless acess is no easy business. Find out how much you retained from Lesson 3 of Wireless Lunchtime Learning.
Lisa Phifer