Wireless LAN Security - Abstract
The availability of
inexpensive, easily installed WLAN equipment opens up new pathways for attacks
and other security breaches. Unlike wired networks, where eavesdropping on
network traffic will be apparent to watchful network administrators, WLAN data
streams can be passively observed using ordinary WLAN cards without being
detected by administrators. Furthermore, the eavesdropper’s device may even be
in the parking lot or on the sidewalk—unlike eavesdroppers on wired LANs, WLAN
eavesdroppers need not be on site making an electrical connection to the
network. Authentication is the foundation technology for protecting networks,
servers, client systems, data, and applications from improper disclosure,
tampering, destruction, and other forms of interference.
[Figure: Shared Key Authentication Process]
Contents
1. INTRODUCTION
2. THREATS TO WLAN ENVIRONMENT
3. AUTHENTICATION AND ACCESS CONTROL
4. STANDARDIZED ATTEMPTS TO MANAGE
5. SHORTCOMINGS OF STANDARD
6. SOLUTIONS
7. THREATS TO DATA PRIVACY AND INTEGRITY
8. ROGUE ACCESS POINTS
9. DENIAL OF SERVICE (DOS)
10. CONCLUSION
Wireless LAN Security - INTRODUCTION
Wireless local area networks (WLANs)
based on the Wi-Fi (wireless fidelity) standards are one of today’s fastest
growing technologies in businesses, schools, and homes, for good reasons. They
provide mobile access to the Internet and to enterprise networks so users can
remain connected away from their desks. These networks can be up and running
quickly when there is no available wired Ethernet infrastructure. They can be
made to work with a minimum of effort without relying on specialized corporate
installers.
Link Layer Protection: 802.1X
One of the advantages of an 802.1X
authentication system compared to a VPN is that the wireless network need not
be located outside the firewall. Because the access points won’t forward any
data aside from the authentication process itself, there is next-to-no
opportunity for wireless attackers to access the wired network, even if they
can receive the wireless signals in the parking lot.
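The forwarding rule described above, as an added example that is not part of the original report: a simplified model of an access point that passes only 802.1X authentication frames (EtherType 0x888E) until a station is authorized. The class name, MAC addresses and decision strings are assumptions made for illustration, and the frames are constructed test input.

```python
import struct

ETH_P_EAPOL = 0x888E  # EtherType assigned to EAP over LAN (802.1X authentication frames)
ETH_P_IPV4 = 0x0800

def make_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet II frame (constructed test input, no FCS)."""
    return struct.pack("!6s6sH", dst, src, ethertype) + payload

class PortAuthenticator:
    """Simplified model of the access point's 802.1X port filter.

    Assumption: authorization is tracked per source MAC only. WPA equipment
    also binds the session to keys derived during authentication.
    """

    def __init__(self):
        self.authorized = set()  # stations whose controlled port is open

    def authorize(self, mac: bytes) -> None:
        """Open the controlled port after the authentication server accepts."""
        self.authorized.add(mac)

    def handle(self, frame: bytes) -> str:
        """Return the forwarding decision for one frame from the wireless side."""
        if len(frame) < 14:
            return "drop:malformed"
        _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if ethertype == ETH_P_EAPOL:
            return "to-authenticator"  # never bridged onto the wired LAN
        if src in self.authorized:
            return "forward"
        return "drop:unauthorized"

def demo() -> list:
    """Run a constructed sequence: data before, during and after authentication."""
    sta = bytes.fromhex("020000000001")     # constructed station MAC
    ap_mac = bytes.fromhex("020000000002")  # constructed access point MAC
    gw = bytes.fromhex("020000000003")      # constructed wired-side gateway MAC
    ap = PortAuthenticator()
    data = make_frame(gw, sta, ETH_P_IPV4, b"payload")
    eapol = make_frame(ap_mac, sta, ETH_P_EAPOL, b"\x01\x01\x00\x00")  # EAPOL-Start
    decisions = [ap.handle(data), ap.handle(eapol)]
    ap.authorize(sta)  # stands in for a success result from the auth server
    decisions.append(ap.handle(data))
    return decisions

if __name__ == "__main__":
    print(demo())
```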
DENIAL OF SERVICE (DoS)
Denial of service (DoS) attacks are
possible on any kind of network, not just WLANs. However, WLANs have some DoS vulnerabilities
that they don’t share with other networks. The most brute-force DoS attack is
an attack on WLAN radios. 802.11 networks operate on bands at 2.4GHz and
5.8GHz.
Conclusion
If there are
unprotected WLANs connected to an enterprise network, it’s crucial that these
WLANs be located outside the firewall and other perimeter defenses. Wherever
WLANs are attached to the enterprise network, it’s crucial to install and
maintain a secure authentication system that is commensurate with the security
risks the enterprise faces. In addition, it’s crucial to find and secure any
unauthorized access points. In most cases, enterprises will want to update
their existing access point firmware and software, client driver software, and
authentication servers to the WPA standards, and only purchase WPA-compliant
products going forward.