Analysis of location-based security technology

The original network security technology, policies, and management methods of the fixed LAN cannot meet the network security requirements under the new situation of the wireless LAN. Especially for enterprises with high requirements for network security, how to use wireless LAN to improve office conditions while, the focus of enterprises is to effectively prevent unauthorized external access and protect sensitive information.

Although some standards (such as Wi-FiWPA2 and 802.11i) provide new levels of wireless security capabilities and are supported by new monitoring and intrusion protection tools, however, the focus of enterprises has shifted to how to combine traditional network security and physical security to form a new location-based network security solution. Helps enterprises balance the contradiction between providing mobile Internet services for their employees and visitors while providing necessary checks on this unmanageable freedom.

For example, if an enterprise deploys a wireless LAN in its office building to facilitate staff work, but the enterprise does not want people outside the office building to access its wireless LAN, to prevent security risks such as network attacks and sensitive information theft. For another example, an enterprise needs to implement wireless Internet access for the Human Resources department because of its office needs, but wireless access except for the Human Resources department needs to be restricted to prevent others from accessing sensitive information within the Department, such as employee information and performance appraisal information.

This is the root of the role of location-based security technology: restrict the access permission of the wireless LAN based on the user's location information. In addition to adding a layer of physical security protection, positioning control and access permission control can also prevent network unit overload (and prevent "DoS Attacks "), and restrict the visitor's access to the network.

This new cybersecurity concept is actually a concept of "physical barrier", that is, limiting network access activities based on the geographical location and authorization status of visitors. This concept is not technically difficult to implement, as long as the positioning technology is introduced into the wireless LAN.

The user's identity is based on one or more IDs (such as RFID badges/visitor cards and Mobile Wi-Fi devices), and the location technology is used to determine the location of a specific ID, in this way, the user's network access level is set. The basic premise is to create a virtual access fence for each mobile device and each user. It is used to track users' actions in the building, and recognize or reject users' access to network resources based on the authorization status and whether they are in the specified permitted area.

The "physical barrier" can also be set to allow access to wireless LAN and network resources only when the ID card (physical security) is provided to the specified user and his/her mobile device, this greatly reduces the possibility of someone using another user's hosts or mobile devices to access unauthorized information on the Internet.

Geo-fencing allows a visitor's location to access a wireless LAN when he/she is in the conference room with other employees of the Company, whereas access after leaving the meeting room is denied. In addition, "Geo-fencing can send an alarm when a visitor leaves the permitted area and terminate Wireless LAN access.

The comprehensive application of location-based security technology and user and mobile device identity recognition technology improves network protection and Intelligent Identification capabilities to a higher level. Geo-fencing allows you to create a custom invisible fence that moves with each mobile device, allowing the network administrator to ensure that each device can only access authorized areas and resources on the network.

Edit recommendations]