Guidelines for Designing Security for 802.lib Wireless Networks

To design wireless security for networks, you must design security for wireless clients and provide a more secure network topology and proper wireless access point configuration to secure the wireless network from wireless attacks. The following sec?tions provide the guidelines that you need to do these things. Wireless clients also need defenses against attacks that might be directed towards them. Remember, enabling a ?wireless client is similar to plugging it into an untrusted wired network. You do not know who might be near enough to attack the wireless cli-ent, either through a connection to the wireless AP or by making a direct connection to the client. Use the following guidelines to design security for clients: Use personal firewalls on wireless clients. Use a VPN client to connect to the network using a wireless client. Doing this adds another layer of encryption and authentication. Secure the client. Ensure file and print services are turned off. Use hardening techniques to secure the client operating system. Attacks against WEP Such an attack might be mounted and be successful at obtaining the encryption keys. If the keys are obtained, an attacker can decrypt wireless data. In addition to gaining sensitive information, the attacker might also obtain information necessary to join the wireless network protected by WEP. Jamming or Denial of Service (DoS) attacks Just as a DoS attack against a wired network can work by overloading the network with too much activity, sim-ilar attacks can make a wireless network unavailable. Disruption Other devices-such as baby monitors, cordless phones, and Blue-tooth devices work at the same 2.4 GHz frequency and can disrupt the wireless network.

Many of the threats listed in the “Threats Introduced by Wireless Networks” sec-tion are widely known, but many network administrators are not aware of them. You can locate more information at the following locations. If you find links for attack tools and want to download them to learn how to defend your network, consider the source and protect your network and client.

Netstumbler scans for wireless networks and logs SSIDs and the access point’s MAC address. If you add a GPS receiver, it logs the latitude and longitude of the AP. You can turn off the broadcast of SSIDs by the AP to hide the access point from Netstumbler.

Leave a comment

Your email address will not be published. Required fields are marked *