This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."
Use Strong Authentication
WLAN authentication has been plagued by security issues: dictionary attacks to crack plaintext passwords, vulnerable WEP encryption and man-in-the-middle attacks. Rogue access points (APs) undermine efforts to control access.
The Bad Guys Take Aim
A hacker can force an unsuspecting user station to connect to an undesired or spoofed 802.11 network.
Identity Theft or MAC Spoofing
Hackers can grab SSIDs and MAC addresses to steal bandwidth, and corrupt or download files.
A hacker breaks VPN connections between authorized stations and access points by inserting a malicious station between a victim's station and an access point.
Freeware tools can launch DoS attacks against specific users, access points or all network devices. A hacker can abuse the Extensible Authentication Protocol to launch an attack against the authentication server.
Network Injection Attacks
A hacker exploits improperly configured wireless LANs or rogue access points. When the access point is attached to an unfiltered part of the network, it broadcasts multicast traffic, which can take down the network.
"It was clunky at best," says Willis.
Now, Willis is taking advantage of evolving technologies, using 802.1X authentication, dynamic keys and AES encryption. Authentication and access are controlled via a Fortress Technologies gateway appliance.
"Users can set up and go about their business wherever they are and, ultimately, be more productive at work," Willis says. "They do not have to carry around their VPN tokens."
At Mortgage Financial, regulatory requirements made access control the number one priority, though wireless still had to be easy for employees.
"We wanted our loan officers to be untethered to their desktop and be able to move about," says Beaupre, who has launched a WLAN covering the company's Tewksbury, Mass., headquarters and 14 branch offices, each supporting two to 25 users.
"We realized the wireless security solutions that we were trying, such as RADIUS, weren't as robust as we needed," says Beaupre. Without a single logon, users could authenticate to the RADIUS server for wired access but had to log on separately to the WLAN.
The solution was a single authentication point for wireless and wired access. Coupling wireless access points with the VPN, firewall and IDS via SonicWALL devices gave Beaupre confidence in his access control.
This was first published in December 2005