The wireless network brings great convenience to users. For example, users can access real-time information through laptops during meetings, or they can finish their work before the deadline in the quiet corner of the office. However, wireless LAN poses a huge security threat to the entire network. However, an expert from Check Point, an Internet security solution provider, said that the widespread use of wireless network access in commerce is an irreversible trend. Therefore, the correct attitude is not caused by belching, instead, we try to reduce the security risks of using a wireless LAN.
According to a Research report released by Infonetics Research, wireless network security, external network connections, and Internet boundary will be the biggest growth area in the network security field in the next few years. Jeff Wilson, Chief Analyst of Infonetics and principal author of the research report, mentioned that the growth in the security market is driven by comprehensive technological innovation. The growth of wireless networks makes wireless security one of the fastest growing fields in the market.
Check Point north Asia President Zeng Zhiming said that users can reduce the risk of Wireless LAN in five aspects:
Focus on destructive hot spots
The biggest potential risk of a company's network is its wireless access point, which contains a fiercely destructive program. This is not necessarily a deliberate attempt to bypass security policies, for example, some employees purchase wireless access devices to make their work more convenient, and the cost and complexity of using these devices are not high. It is not difficult to prevent these unmanaged WAP instances. There are many tools to choose from, such as dedicated WLAN sensors and packet monitors, which can protect the network from illegal WAP attacks.
Protect the security of endpoints to ensure the network
Note that the security of the wireless LAN is not absolutely trustworthy. Various Network endpoints face various threats as they are exposed to remote broadband connections. The endpoint must have at least one personal firewall for protection. Trusted users that comply with security policies should be placed in Virtual LAN accessible to internal networks. For those customers or users who do not comply with the security policy, they are only allowed to access the Internet.
Partition the network
Enterprises should use a powerful border firewall to separate a wireless LAN from a fixed-line network. Although WAP provides basic access control, its assurance level cannot meet the needs of today's network environment. Another advantage of using the border firewall is that the security policy of the wireless LAN and the border can be consistent.
Use IPSec instead of Wireless LAN Encryption
The previously used Wired Equivalent encryption (Wired Equivalent Privacy, WEP for short) and Wi-Fi Protected Access (WPA) were less effective, the change to the 802.11i and WPA2 protocols must be improved, but the disadvantage is that many wireless LAN devices still cannot support the new standard, unless users can implement the 802.11i across the enterprise, otherwise, it is more advisable to use an IPSec Encryption Policy to manage user access sensitive information, because IPSec has been verified to be valid and has been used on many laptops.
Risk
Wireless LAN security should be part of enterprise risk analysis. Enterprises should consider the following questions: what are the risks? Are there any proper steps to detect destructive access endpoints? Once an unauthorized person connects to the company's wireless LAN and internal network, what is the legal liability of the company? All in all, security measures are inseparable from risk and network threats.
- Is WLAN secure? Wi-Fi Protection
- How to Reduce WLAN Security Risks
- WLAN Security Management Guide