Use Strong Authentication
WLAN authentication has been plagued by security issues-- dictionary attacks to crack plaintext passwords, vulnerable WEP encryption and man-in-the-middle attacks. Rogue access points (APs) undermine efforts to control access.
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] The Bad Guys Take Aim
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Malicious/Accidental Association
A hacker can force an unsuspecting user station to connect to an undesired or spoofed 802.11 network.
Identity Theft or MAC Spoofing
Hackers can grab SSIDs and MAC addresses to steal bandwidth, and corrupt or download files.
Man-in-the-Middle Attacks
A hacker breaks VPN connections between authorized stations and access points by inserting a malicious station between a victim's station and an access point.
Denial-of-Service Attacks
Freeware tools can launch DoS attacks against specific users, access points or all network devices. A hacker can abuse the Extensible Authentication Protocol to launch an attack against the authentication server.
Network Injection Attacks
A hacker exploits improperly configured wireless LANs or rogue access points. When the access point is attached to an unfiltered part of the network, it broadcasts multicast traffic, which can take down the network.
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
content -->
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
Network engineer Shane Willis, who supports 500 wireless users at Peregrine Systems, a San Diego-based IT consultancy, expects the number of users to double in the next year as the WLAN is rolled out to all of the company's offices. Willis first secured Peregrine's wireless users with WEP and a VPN with token-based authentication.
"It was clunky at best," says Willis.
Now, Willis is taking advantage of evolving technologies, using 802.1X authentication, dynamic keys and AES encryption. Authentication and access are controlled via a Fortress Technologies gateway appliance.
"Users can set up and go about their business wherever they are and, ultimately, be more productive at work," Willis says. "They do not have to carry around their VPN tokens."
At Mortgage Financial, regulatory requirements made access control the number one priority, while still making wireless easy for employees.
"We wanted our loan officers to be untethered to their desktop and be able to move about," says Beaupre, who has launched a WLAN covering the company's Tewksbury, Mass., headquarters and 14 branch offices, each supporting two to 25 users.
"We realized the wireless security solutions that we were trying, such as RADIUS, weren't as robust as we needed," says Beaupre. Without a single logon, users could authenticate to the RADIUS server for wired access, but log on separately to the WLAN.
The solution was a single authentication point for wireless and wired access. Coupling wireless access points with the VPN, firewall and IDS via SonicWALL devices, gave Beaupre confidence in his access control.
|
 |
|
