How to enhance the security of wireless network clients

Source: Internet
Author: User

When it comes to the security of wireless networks, people pay the most attention to encrypting data, authenticating users, restricting access, and detecting rogue access points. However, as network and link defenses improve, attackers have begun to shift their attacks toward wireless clients, such as PDAs, laptops, and handheld devices, because these devices have few or no security safeguards. In this article, we will discuss how a host-resident WIPS (wireless intrusion prevention system) agent can help you protect your wireless client devices and so keep your wireless network secure.

Breaking the weakest link

Many network users accidentally or deliberately take part in high-risk activities that affect wireless network security. Wireless networks are usually made up of different, unrelated parts or individual nodes, and these nodes are promiscuous: a device automatically probes for adjacent devices and connects to them without user intervention, which further increases the risk. As a result, many wireless nodes expose the system and its data to unknown, untrusted "outsiders."

According to Network Chemistry's Wireless Threat Index, a quarterly analysis of real-world Wi-Fi activity, most clients have contacted unknown access points. This may happen accidentally, especially when an overly friendly Windows XP automatically connects to any available network. Users may also do it deliberately, for example by connecting to a neighboring enterprise network to circumvent a company policy that blocks non-enterprise applications such as peer-to-peer file sharing or Gmail.

Approximately 63% of clients are involved in ad hoc connections, that is, connections made directly to another Wi-Fi endpoint. For example, some users connect to each other to share Internet access, exposing their network folders and files without being aware of it. To make things worse, most users do not realize that this creates an ad hoc connection for any network name that was previously used to connect to an access point. One researcher used a common SSID (such as "Linksys") to lure airport passengers to his ad hoc station, and he was able to attack about 20% of clients through ordinary Windows service ports, all because they forgot to disable their unsecured wireless adapters.

Many clients also put themselves at risk by violating company rules and making other mistakes. The Wireless Threat Index points out that one-fourth of users access the WLAN without a personal firewall, and one-third access it without anti-virus software. Among clients that are required to use a VPN over wireless, two-thirds violate the company's rules. Large numbers of other users connect to fake access points that impersonate the name of a real hotspot. Once a client has been lured into connecting to a bogus access point, traditional "man-in-the-middle" attack tools are run to solicit credit card numbers, login names, and passwords, and sometimes even to eavesdrop on SSL or SSH data.

Regain control of wireless network security

Most administrators know that relying on users to protect themselves is a recipe for failure. At the very least, small businesses should define step-by-step procedures for manually configuring secure wireless connections. Large enterprises can use installation packages, domain logon scripts, or Active Directory Group Policy objects to push out a secure Wi-Fi configuration. In either case, Wi-Fi connections should be configured to require appropriate security measures when connecting to a trusted SSID, and to prevent connections to other APs or ad hoc nodes. For example, you might require connections to the corporate SSID to use enterprise-class WPA2 with server certificate checks, while allowing an open-mode connection to an employee's home WLAN as long as a firewall and VPN client are active.

It's a good start, but it's far from enough. Most users underestimate risk and disable measures that they find inconvenient. Even users who make a real effort to stay secure still make mistakes. Without central audit and control capabilities, compliance with internal policies or external regulations cannot be guaranteed. Within the office, this can be achieved by deploying a wireless intrusion prevention system (WIPS). A WIPS uses access points or sensors distributed throughout the WLAN to monitor traffic. Observations are reported to a central WIPS server, which analyzes the Wi-Fi traffic to find possible attacks, problems, and policy violations. Whenever a potential threat is detected, for example an employee connecting to a neighboring AP (access point), the WIPS can take steps to interrupt the connection automatically.

Extending this control beyond the office requires a different approach: a WIPS program that runs on the Wi-Fi client itself. A host-resident WIPS agent, such as Network Chemistry RFprotect Endpoint, AirTight SpectraGuard SAFE, AirMagnet StreetWise, or AirDefense Personal, can monitor a Wi-Fi client at home, at a public hotspot, at an airport, or even on a plane.
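
The per-SSID policy described earlier (enterprise WPA2 with server certificate checks for the corporate SSID, open mode plus firewall and VPN for a home WLAN, no other APs or ad hoc nodes) can be expressed as a check that a host-resident agent runs on each association. This is an added example, not code from the article or from any of the products named; the SSIDs, field names, and sample associations are constructed.

```python
from dataclasses import dataclass

# Constructed policy: SSID names and rule fields are assumptions for this example.
POLICY = {
    "CorpNet":  {"security": {"WPA2-Enterprise"}, "server_cert": True,
                 "firewall": True, "vpn": False},
    "HomeWLAN": {"security": {"Open", "WPA2-Personal"}, "server_cert": False,
                 "firewall": True, "vpn": True},
}

@dataclass
class Association:
    ssid: str
    mode: str                    # "infrastructure" or "adhoc"
    security: str
    server_cert_validated: bool
    firewall_on: bool
    vpn_up: bool

def evaluate(a, policy=POLICY):
    """Return the list of policy violations; an empty list means compliant."""
    violations = []
    if a.mode != "infrastructure":
        violations.append("ad hoc connection")
    rule = policy.get(a.ssid)
    if rule is None:             # any SSID not explicitly trusted is refused
        return violations + ["untrusted SSID"]
    if a.security not in rule["security"]:
        violations.append("security mode not allowed")
    # An AP that only copies the SSID is expected to fail certificate validation.
    if rule["server_cert"] and not a.server_cert_validated:
        violations.append("server certificate not validated")
    if rule["firewall"] and not a.firewall_on:
        violations.append("firewall disabled")
    if rule["vpn"] and not a.vpn_up:
        violations.append("VPN not connected")
    return violations

def decide(a):
    v = evaluate(a)
    return ("disconnect" if v else "allow", v)

# Constructed sample associations an agent might observe.
SAMPLES = [
    Association("CorpNet", "infrastructure", "WPA2-Enterprise", True, True, False),
    Association("CorpNet", "infrastructure", "Open", False, True, False),
    Association("Linksys", "adhoc", "Open", False, False, False),
    Association("HomeWLAN", "infrastructure", "Open", False, True, False),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.ssid, s.mode, *decide(s))
```

The second sample shows why matching on the SSID alone is not enough: the name is trusted, but the association is refused because the security mode and certificate check do not meet the rule for that SSID.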
