Wireless encryption is essential, but addresses only part of the security problem. Security measures are also needed to permit or deny WLAN access, authenticate stations and users, and determine the destinations and applications that each is authorized to reach. This webcast from Lesson 3 of SearchSecurity.com's Wireless Lunchtime Learning Security School describes readily available alternatives, from MAC ACLs and captive portals to Preshared Secret Keys and 802.1X Port Access Control.
Also included in Lesson 3 are the following technical tips:
- Security on a budget: How to control access to a WLAN
- 802.1X Port Access Control: Which version is best for you?
- How to configure VLANs with 802.1X for WLAN authorization
- Defeating Evil Twin attacks
In this part:
Wireless encryption is essential, but addresses only part of the security problem. Security measures are also needed to permit or deny WLAN access, authenticate stations and users, and determine the destinations and applications that each is authorized to reach. This webcast describes readily-available alternatives, from MAC ACLs and captive portals to Preshared Secret Keys and 802.1X Port Access Control.
802.1X/EAP can provide robust, granular WLAN access control and authentication, but can your organization afford the "WPA-Enterprise" approach? This tip recommends alternatives for companies that are concerned about securing WLAN access, yet faced with limited IT staff and budget. Whether the answer is outsource, open source or make the best of "WPA-Personal," this tip will help you understand associated costs and consequences.
802.1X Port Access Control provides an extensible framework for authenticating and authorizing WLAN usage. But 802.1X is merely an envelope that carries some type of Extensible Authentication Protocol (EAP). More than 50 EAP Types have already been defined; how do you know which one(s) to use? This tabular tip provides a direct comparison of the most popular EAP Types used with 802.1X today, the authentication methods supported by each, known vulnerabilities associated with them and suitable usage environments.
Many WLAN owners know that 802.1X/EAP makes it possible to authenticate individual wireless users. But did you know that 802.1X can also be used to funnel wireless traffic onto VLANs, enforcing user or group-based permissions? This tip explains how to use RADIUS attributes returned by 802.1X to supply VLAN tags, establishing that critical link between authentication and authorization.
Evil Twin attacks -- also known as AP phishing, honeypot APs or hotspotters -- pose a clear and present danger to wireless users in public and private WLANs. This tip describes several steps that your company can take to defend employees against this poorly-understood attack. Learn why SSL or SSH may not be enough to protect your users, and how 802.1X mutual authentication can help defeat these phony APs.