Catálogo de publicaciones - libros

This chapter began with some fundamental concepts of wireless network security. The chapter outlined the main security risks for an enterprise to deploy intranets and extranets. The chapter further described some security vulnerabilities in the TCP/IP protocol suite that gives attackers many opportunities for malicious attacks on Internet connected computers. Finally, the chapter also presented the methods and techniques that attackers use to circumvent wireless network security.

Enterprises and users benefit when access to public wireless web servers is safe and convenient and when the enterprise’s electronic information resources are secure, reliable, and available. As is the case with all other aspects of remote access to enterprise resources, the use of public wireless web servers entails risks as well as benefits. Finally, these risks and benefits must be managed through careful planning, and through the implementation of guidelines, for the secure operation of public wireless web servers.

Although Wi-Fi technologies have significantly improved their security capabilities, many of the features and abilities are available only in newer equipment for IT-managed infrastructure. Meanwhile, cellular data networks rely on a completely separate security architecture that emphasizes protection of the radio link and does not provide end-to-end encryption.

Finally, attacks have proven WEP security provided by the 802.11 standard to be insecure. The WLAN industry has responded by creating WPA and 802.11i to address these issues in the long term, though these security solutions are not available today. Most of today’s security requirements can be met with 802.1x, which provides a solution that is effective and has not yet been broken. Most wireless security vendors now offer 802.1x client and server solutions that are available today and provide security that is adequate for enterprise applications.

Wireless LANs are being rapidly adopted due to the convenience and flexibility they provide. However, WLANs create a new set of security threats to enterprise networks such as Rogue APs, Mis-configured APs, Soft APs, MAC Spoofing, Honeypot APs, DOS, and Ad hoc Networks.

Neither traditional firewalls and VPNs nor IEEE 802.11 security standards such as WEP, WPA, 802. lx, and 802.1 1i can protect enterprise networks against over-the-air attacks from WLANs. So, a new and comprehensive security solution in the form of a WiFi Firewall is required to alleviate these new security threats. The WiFi Firewall must be able to provide RF planning, detection of RF activity, accurate classification of WLAN networks, automatic and reliable prevention from harmful WLAN transmissions, and precision location tracking of WLAN devices.

Now, in many ways, Wireless Wide Area Networks solutions can be integrated into a general purpose remote access solution for the enterprise. Whether they are circuit-switched dialup solutions or packet-data Internet connections, wired and wireless remote access can look the same to the enterprise perimeter.

Finally, they can use the same protocols and remote access products. In fact there is a compelling case for creating unified and simplified approach to remote access. However, there is need to ensure that wireless networks have unique requirements and therefore a traditional and standard solution may not necessarily be optimal.

Enterprises and users benefit when access to public wireless web servers is safe and convenient and when the enterprise’s electronic information resources are secure, reliable, and available. As is the case with all other aspects of remote access to enterprise resources, the use of public wireless web servers entails risks as well as benefits. Finally, these risks and benefits must be managed through careful planning, and through the implementation of guidelines, for the secure operation of public wireless web servers.

The theme of this chapter was enterprise critical systems security, by first illustrating the importance of and potential difficulties in protecting information that traverses networks; and, then examining wireless network security as a holistic concept before focusing specifically on the IEEE 802.1X enterprise edge security standard. In addition, the chapter demonstrated how RADIUS used in conjunction with 802.1X provides a long-term, secure, and low-cost system for wireless network authentication, authorization, and accounting.

Finally, there are many positive precautions for an enterprise to consider when determining how best to provide timely and cost-effective wireless network security. Most important is a holistic security policy, which is the essential foundation for any shield against technology-related crimes. And, since the wireless- LAN edge and LANIWAN perimeter are primary targets for forced entry and latent wireless network cybercrime, they are the obvious location to implement elementary security measures. The system that delivers the greatest wireless network value and flexibility via a distributed security model is the combination of RADIUS and the IEEE 802.1X industry standard. So, it is highly recommended as the first technical security activity in which an enterprise should invest.

By now, the rationale behind incorporating a strong wireless network security solution into your enterprise insurance plan is clear. In today’s digital marketplace, with new and more volatile wireless network threats emerging every week, it’s protection rather than reaction that will preserve your bottom line. If strong protection is the answer, the question must then be: what kind?

This chapter began with some fundamental concepts of wireless network security. The chapter outlined the main security risks for an enterprise to deploy intranets and extranets. The chapter further described some security vulnerabilities in the TCP/IP protocol suite that gives attackers many opportunities for malicious attacks on Internet connected computers. Finally, the chapter also presented the methods and techniques that attackers use to circumvent wireless network security.

Enterprises and users benefit when access to public wireless web servers is safe and convenient and when the enterprise’s electronic information resources are secure, reliable, and available. As is the case with all other aspects of remote access to enterprise resources, the use of public wireless web servers entails risks as well as benefits. Finally, these risks and benefits must be managed through careful planning, and through the implementation of guidelines, for the secure operation of public wireless web servers.

This chapter began with a description of how 802.1X wireless LAN security works. To provide focus for the design, a picture of the target enterprise for the implementation of the wireless network security plan development was given along with the enterprise’s key design criteria for the WLAN solution. Following this, the main aspects of the chosen WLAN design were discussed. The design covered the network; IAS server placement and IAS configuration; the use of certificates; and, the different types of wireless clients. The key points on migration from an existing WLAN were also outlined.

Finally, the two parts at the end of the chapter discussed important variations to the basic design. Firstly, how to scale the implementation of the wireless network security plan development for larger enterprises was described, along with instructions on how to deal with the main points of divergence from the core implementation of the wireless network security plan development. This was followed by illustrations of how to use the same basic authentication infrastructure to support other network services such as remote access, VPN, and wired network security; and, how to deal with the sticky problems of bootstrapping clients and deploying WLANs to SOHO environments.