Protecting Wireless LAN security-preventing intrusion

Source: Internet
Author: User

Many enterprises regard protecting the local wireless network (WLAN) as their chief network security concern. The following describes best practices for protecting enterprise WLAN security in three parts. The first part focuses on monitoring for intrusion into the WLAN and on actively reducing the network's exposure. The second and third parts focus on how to protect users and the network.

Prevent intrusion

Definition of best practices

For wireless security, "best practices" is a relative term: the U.S. Federal Treasury's best practices may differ from those of a fast-food retailer, because each enterprise has a different wireless risk assessment. The best practices defined here are a general, cost-effective and substantive methodology that applies to almost all enterprises. The term "practice" refers to both technology and process. For example, "use Wi-Fi Protected Access 2 (WPA2) security" is a technical best practice, while "train employees to avoid specific WLAN connections" is a process best practice.

Network discovery

Network intruders use various methods to find existing WLANs and their service set identifiers (SSIDs). An intruder can scan for WLANs with freely available software such as NetStumbler and a high-gain antenna. Unfortunately, hiding a WLAN or its SSID is not realistic, because management and control frames are not encrypted. (Note: the IEEE is working on an 802.11 solution to enhance management frame security.)

Some security experts recommend disabling the SSID broadcast in beacon frames and suppressing the SSID in probe response frames. We do not recommend either method. The first increases WLAN traffic, because it forces every workstation on the network to periodically search for valid APs by sending probe requests. The second forces the network administrator to configure the SSID manually on each workstation. Neither measure substantially reduces the chance of an intruder discovering the WLAN.

Therefore, we recommend the following best practices:

Hide the AP installation location. This prevents the WLAN from being detected inadvertently and makes the APs harder to locate.

Reduce radio power to minimize radio frequency (RF) leakage. Lowering transmit power shrinks coverage to the areas where wireless access is actually intended.

Companies with high-risk requirements may want to use directional antennas instead of omnidirectional antennas to better control signal propagation. Using directional antennas inside a building reduces RF signal leakage to the outside of the building.

Network Intrusion

Network intrusion can bring unauthorized traffic into the network: traffic that specifically targets system vulnerabilities, malicious code (such as worms and Trojans), or traffic that violates the organization's acceptable use policy. The most common wireless network intrusion is the rogue AP. Another form of intrusion is a peer-to-peer (ad hoc) connection, in which a workstation connects directly to another workstation without going through an AP. Such wireless connections can lead to man-in-the-middle (MITM) attacks.

A wireless intrusion detection system (WIDS) can monitor for rogue APs and unauthorized devices, enforce policy rules, and detect abnormal or suspicious behavior. An overlay WIDS solution relies on dedicated, distributed hardware sensors that resemble APs; the sensors continuously monitor the channels in multiple bands and report anomalies to a central management console. Alternatively, an enterprise can use an integrated WIDS solution from its WLAN system vendor, which builds the sensor function into the AP. However, many of these integrated solutions do not provide continuous monitoring (an AP that is serving clients cannot scan the other channels all the time), so they may miss some intrusions.
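To make the sensor's classification work concrete, here is an added example that is not part of the original article and not any WIDS vendor's code. It takes scan records (BSSID, SSID, channel, and whether the beacon advertises an ad hoc network) and labels each one against an authorized-AP inventory. The inventory and the scan records are constructed; in practice a WIDS sensor or a handheld scanner would supply them. The labels, the ScanRecord type and the band mapping are the example's own choices.

```python
"""Classify observed wireless networks against an authorized-AP inventory.

Added example; not from the original article. AUTHORIZED_APS and
SAMPLE_SCAN are constructed; a WIDS sensor or a handheld scanner would
supply real scan records."""
from dataclasses import dataclass

# Constructed inventory of authorized APs: BSSID -> (SSID, channel)
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("CorpNet", 6),
    "00:11:22:33:44:02": ("CorpNet", 36),
}
AUTHORIZED_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}


@dataclass(frozen=True)
class ScanRecord:
    bssid: str
    ssid: str      # "" when the SSID is suppressed in beacons
    channel: int
    ibss: bool     # True when the beacon advertises an ad hoc (IBSS) network


def band(channel: int) -> str:
    """Map an 802.11 channel number to the band a WIDS has to cover."""
    if 1 <= channel <= 14:
        return "2.4 GHz"
    if 36 <= channel <= 177:
        return "5 GHz"
    return "unknown"


def classify(rec: ScanRecord) -> str:
    """Label one observed network.

    authorized     BSSID and SSID match the inventory
    misconfigured  inventory BSSID advertising a different SSID
    ad-hoc         peer-to-peer (IBSS) network, no AP involved
    evil-twin      unknown BSSID advertising an authorized SSID
    rogue-ap       any other unknown infrastructure BSSID (hidden SSIDs included)
    """
    if rec.ibss:
        return "ad-hoc"
    known = AUTHORIZED_APS.get(rec.bssid.lower())
    if known is not None:
        return "authorized" if known[0] == rec.ssid else "misconfigured"
    if rec.ssid in AUTHORIZED_SSIDS:
        return "evil-twin"
    return "rogue-ap"


def audit(records) -> list:
    """Return sorted (label, bssid, band) tuples for every non-authorized network."""
    return sorted(
        (classify(r), r.bssid.lower(), band(r.channel))
        for r in records
        if classify(r) != "authorized"
    )


# Constructed scan: two inventory APs, an evil twin, a hidden rogue, an ad hoc network.
# A suppressed SSID still produces a beacon, so the hidden rogue is still seen.
SAMPLE_SCAN = [
    ScanRecord("00:11:22:33:44:01", "CorpNet", 6, False),
    ScanRecord("00:11:22:33:44:02", "CorpNet", 36, False),
    ScanRecord("AA:BB:CC:DD:EE:01", "CorpNet", 11, False),
    ScanRecord("aa:bb:cc:dd:ee:02", "", 44, False),
    ScanRecord("02:aa:bb:cc:dd:ee", "freewifi", 1, True),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(*finding)
```

The band column in each finding is what lets an operator confirm that both the 2.4 GHz and the 5 GHz band are actually being watched; a sensor that only reports one band is the gap the article warns about with part-time integrated solutions.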

We recommend the following best practices:

Use a WIDS solution to monitor for rogue APs in both the 2.4 GHz and 5 GHz bands.

Periodically use handheld monitoring devices to check for rogue APs in the 2.4 GHz and 5 GHz bands in areas with little or no wireless coverage.

Use wired-network auditing techniques to discover intruders on the wireless network. For example, accept Dynamic Host Configuration Protocol (DHCP) requests only from authorized devices on the network. This technique prevents a rogue AP from obtaining an IP address and warns network administrators of a potential intruder.

Train employees so that they do not connect to any unauthorized WLAN, including ad hoc (peer-to-peer) networks.
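The wired-side DHCP audit recommended above can be checked from the DHCP server's own log. The following is an added example, not part of the original article and not any vendor's tool: it reads constructed log lines in the style of an ISC dhcpd syslog, compares the MAC address in each DHCPDISCOVER or DHCPREQUEST with a constructed allowlist of authorized clients, and reports every requester that is not in the inventory. The allowlist, the log lines, the interface name and the WLAN-AP hostname are all made up for the example.

```python
"""Audit a DHCP server log for requests from unauthorized clients.

Added example; not from the original article. The allowlist and the log
lines are constructed (dhcpd-style syslog format)."""
import re

# Constructed allowlist of authorized client MAC addresses (e.g. an inventory export)
AUTHORIZED_MACS = {
    "00:11:22:33:44:aa",
    "00:11:22:33:44:bb",
}

# Constructed sample lines in the style of an ISC dhcpd syslog
SAMPLE_LOG = """\
Mar  3 09:12:01 dhcp1 dhcpd[1234]: DHCPDISCOVER from 00:11:22:33:44:aa via eth1
Mar  3 09:12:01 dhcp1 dhcpd[1234]: DHCPOFFER on 10.10.1.20 to 00:11:22:33:44:aa via eth1
Mar  3 09:12:02 dhcp1 dhcpd[1234]: DHCPREQUEST for 10.10.1.20 from 00:11:22:33:44:aa via eth1
Mar  3 09:12:02 dhcp1 dhcpd[1234]: DHCPACK on 10.10.1.20 to 00:11:22:33:44:aa via eth1
Mar  3 09:15:40 dhcp1 dhcpd[1234]: DHCPDISCOVER from de:ad:be:ef:00:01 (WLAN-AP) via eth1
Mar  3 09:15:40 dhcp1 dhcpd[1234]: DHCPDISCOVER from DE:AD:BE:EF:00:01 (WLAN-AP) via eth1
Mar  3 09:16:12 dhcp1 dhcpd[1234]: DHCPREQUEST for 10.10.1.77 from 00:11:22:33:44:bb via eth1
"""

# Only client-originated messages carry the requester's MAC; OFFER/ACK lines are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: "
    r"(?P<msg>DHCPDISCOVER|DHCPREQUEST)(?: for \S+)? "
    r"from (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def parse(line: str):
    """Return the fields of a DISCOVER/REQUEST line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["mac"] = rec["mac"].lower()   # normalise case so the allowlist lookup is reliable
    return rec


def audit_dhcp(log_text: str, authorized=AUTHORIZED_MACS) -> list:
    """Return one finding per unauthorized MAC: first sighting, hostname hint,
    interface it arrived on, and how many requests it made."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["mac"] in authorized:
            continue
        f = findings.setdefault(rec["mac"], {
            "mac": rec["mac"],
            "first_seen": rec["ts"],
            "host": rec["host"],
            "iface": rec["iface"],
            "count": 0,
        })
        f["count"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for f in audit_dhcp(SAMPLE_LOG):
        print(f"{f['first_seen']} unauthorized DHCP client {f['mac']} "
              f"(host={f['host']}) on {f['iface']}, {f['count']} request(s)")
```

Enforcement belongs in the DHCP server itself (ISC dhcpd, for instance, supports `deny unknown-clients;` in dhcpd.conf together with per-host `hardware ethernet` entries); the script is the alerting half, since a rogue AP that is refused a lease still leaves its DHCPDISCOVER in the log, which is exactly the warning the article wants administrators to receive.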
