Feature

Controlling the Uncontrollable

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."

Download it now to read this article plus other related content.

Use Strong Authentication
WLAN authentication has been plagued by security issues-- dictionary attacks to crack plaintext passwords, vulnerable WEP encryption and man-in-the-middle attacks. Rogue access points (APs) undermine efforts to control access.

    Requires Free Membership to View

The Bad Guys Take Aim
Malicious/Accidental Association
A hacker can force an unsuspecting user station to connect to an undesired or spoofed 802.11 network.

Identity Theft or MAC Spoofing
Hackers can grab SSIDs and MAC addresses to steal bandwidth, and corrupt or download files.

Man-in-the-Middle Attacks
A hacker breaks VPN connections between authorized stations and access points by inserting a malicious station between a victim's station and an access point.

Denial-of-Service Attacks
Freeware tools can launch DoS attacks against specific users, access points or all network devices. A hacker can abuse the Extensible Authentication Protocol to launch an attack against the authentication server.

Network Injection Attacks
A hacker exploits improperly configured wireless LANs or rogue access points. When the access point is attached to an unfiltered part of the network, it broadcasts multicast traffic, which can take down the network.

Network engineer Shane Willis, who supports 500 wireless users at Peregrine Systems, a San Diego-based IT consultancy, expects the number of users to double in the next year as the WLAN is rolled out to all of the company's offices. Willis first secured Peregrine's wireless users with WEP and a VPN with token-based authentication.

"It was clunky at best," says Willis.

Now, Willis is taking advantage of evolving technologies, using 802.1X authentication, dynamic keys and AES encryption. Authentication and access are controlled via a Fortress Technologies gateway appliance.

"Users can set up and go about their business wherever they are and, ultimately, be more productive at work," Willis says. "They do not have to carry around their VPN tokens."

At Mortgage Financial, regulatory requirements made access control the number one priority, while still making wireless easy for employees.

"We wanted our loan officers to be untethered to their desktop and be able to move about," says Beaupre, who has launched a WLAN covering the company's Tewksbury, Mass., headquarters and 14 branch offices, each supporting two to 25 users.

"We realized the wireless security solutions that we were trying, such as RADIUS, weren't as robust as we needed," says Beaupre. Without a single logon, users could authenticate to the RADIUS server for wired access, but log on separately to the WLAN.

The solution was a single authentication point for wireless and wired access. Coupling wireless access points with the VPN, firewall and IDS via SonicWALL devices, gave Beaupre confidence in his access control.

This was first published in December 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: