Best practices for wireless network security (Part 2)

Source: Internet
Author: User

Financial service providers are bound by a large number of rules protecting the security of customer data. The Gramm-Leach-Bliley Act (GLBA) is widely applicable and abstract, but it requires institutions to identify and evaluate risks for all types of networks, including wireless networks, and to implement and monitor security measures. Other regulations, such as the well-known Payment Card Industry Data Security Standard (PCI DSS), explicitly include requirements that must be implemented within the WLAN scope, such as detecting abnormal activity and encrypting data transmitted over wireless networks.

Although the specifics of each regulation differ, financial service institutions can establish a compliance baseline for the whole industry by adopting the following wireless network security best practices. Following on from Best practices for wireless network security (Part 1), this article introduces the next five best practices:

6. Restrict Access

A wireless network opens a window through which outsiders can intrude unless you control it. Select and implement a strong WLAN authentication measure. It is best to select WPA2-Enterprise (802.1X) with mutual authentication. If your organization lacks the skills, the infrastructure, or clients that support 802.1X, you can use WPA2 with a pre-shared key (PSK) instead, but use a random password of at least 13 characters and change it regularly. Never rely on MAC address filters as your only access control. If your WLAN provides guest-level Internet access, restrict the content guests can reach and log that part of the network traffic to reduce the risk to the company's business.

7. Wireless Monitoring

Although many regulations strongly recommend around-the-clock distributed wireless intrusion detection or prevention systems (WIDS/WIPS), periodic scans can also be performed at sites that process regulated data. The former is more efficient and more effective, especially for large wireless LANs. Whichever method you choose, remember that what you monitor is not just rogue access points. It also includes unauthorized clients, misconfigured devices, ambiguous security policies, security probing, attack traffic, and abnormal clients connecting to, or already connected to, external WLANs.
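The monitoring targets listed above can be told apart by comparing what a sensor or periodic scan observes against an inventory of authorized equipment. The following is an added example, not part of the original article; the inventory format, the finding names, the SSIDs and all MAC addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed inventory (constructed): authorised APs by BSSID with expected settings.
AUTHORISED_APS = {
    "02:00:00:00:01:01": {"ssid": "CorpWLAN", "security": "WPA2-Enterprise", "guests": False},
    "02:00:00:00:01:02": {"ssid": "CorpGuest", "security": "WPA2-PSK", "guests": True},
}
MANAGED_CLIENTS = {"02:00:00:00:aa:01", "02:00:00:00:aa:02"}
CORP_SSIDS = {ap["ssid"] for ap in AUTHORISED_APS.values()}

@dataclass(frozen=True)
class Observation:
    bssid: str          # MAC of the AP radio seen by the sensor
    ssid: str
    security: str       # security mode advertised by the AP
    client: str = ""    # MAC of an associated station, if one was seen

def findings(obs):
    """Return the finding names raised by one sensor observation."""
    bssid, client = obs.bssid.lower(), obs.client.lower()
    expected = AUTHORISED_APS.get(bssid)
    out = []
    if expected:
        # Known AP: compare advertised settings with the inventory.
        if (obs.ssid, obs.security) != (expected["ssid"], expected["security"]):
            out.append("misconfigured_ap")
        if client and not expected["guests"] and client not in MANAGED_CLIENTS:
            out.append("unauthorized_client")
    else:
        # Unknown AP: a finding only if it uses our SSID or attracts our clients.
        if obs.ssid in CORP_SSIDS:
            out.append("rogue_ap")
        if client in MANAGED_CLIENTS:
            out.append("managed_client_on_external_wlan")
    return out

# Constructed sample scan covering the cases named in the monitoring section.
SCAN = [
    Observation("02:00:00:00:01:01", "CorpWLAN", "WPA2-Enterprise", "02:00:00:00:aa:01"),
    Observation("02:00:00:00:01:02", "CorpGuest", "Open"),
    Observation("02:00:00:00:01:01", "CorpWLAN", "WPA2-Enterprise", "02:00:00:00:ff:09"),
    Observation("02:00:00:00:09:0A", "CorpWLAN", "WPA2-PSK"),
    Observation("02:00:00:00:09:0b", "CoffeeShop", "Open", "02:00:00:00:AA:02"),
    Observation("02:00:00:00:09:0c", "Neighbour", "WPA2-PSK"),
]

def triage(scan):
    # Flatten to (bssid, client, finding) rows for the response queue.
    return [(o.bssid.lower(), o.client.lower(), f) for o in scan for f in findings(o)]
```

Calling `triage(SCAN)` yields one row per finding; the first and last observations (a managed client on its own AP, and an unrelated neighbouring network) produce none.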

8. Be prepared

Monitoring is only a means. You also need to put a WLAN incident response procedure in place. For example, how do you temporarily block an abnormal AP? How do you find it and physically remove it? You need to review all scan results, wireless intrusion detection or prevention system alarms, and traffic logs to assess potential threats promptly. In fact, using automated tools (such as wireless intrusion detection or prevention systems) to track and isolate network connections can stop intrusions in real time. Ensure that the monitoring tool collects enough data to make incident response and forensic investigation more accurate.

9. Protect Endpoints

A stolen point-of-sale terminal or a compromised laptop can easily obtain authorization and use encrypted connections to intrude into even a tightly protected wireless network. In this case, you can apply remote access security best practices to isolate wireless endpoints and prevent lost or stolen mobile devices from being used for unauthorized access to the wireless network. If your organization implements network access control (NAC), you can check the integrity of devices connecting over wireless, and use host intrusion detection or prevention measures to prevent abnormal endpoint behavior (for example, connecting to both wired and wireless networks at the same time).

10. Evaluation and Improvement

Never assume that security measures will work as expected; your security auditors will not assume so either. You need to perform penetration tests on the networks and devices connected to the wireless network. These tests intentionally trigger WIDS/WIPS alarms and capture and analyze the traffic on the wireless channels. You can try to connect unauthorized devices and users from different locations, record what happens, and fix the vulnerabilities you discover to raise your security standard. You need to perform security assessments both on a regular schedule and at irregular intervals to locate and fix new vulnerabilities. For example, you can patch access points, controllers, or clients to protect against new attacks.

To sum up, if financial enterprises are willing to spend time evaluating wireless security threats, managing access permissions, ensuring transmission security, providing strong encryption for wireless data, and taking the other important measures described here, their security can even exceed the expectations of auditors.
