Executive Briefing: Wireless Network Security

White Paper
Conclusion
The benefits of wireless networks are driving the explosive growth of the WLAN market. Although security
has been the single largest concern for wireless network deployment in the corporate setting, strong security
solutions are available to make wireless networks as secure as wired networks.

Wi-Fi Protected Access (WPA) overcomes the inherent flaws of early wireless networks. TKIP at the
physical layer and 802.1X for user authentication together create the basis for strong wireless network
security. WPA is capable of preventing most sophisticated attacks on wireless networks, and there are no
known tools available to crack this level of wireless security.

It's best to think about a layered approach to wireless security. WPA, combining physical layer security
(TKIP) with 802.1X user authentication, offers a pragmatic, economical security mechanism that meets the
requirements of most corporate environments. For environments that require more robust security, such as
triple DES encryption, VPN tunnels can be layered on top of 802.1X security for a more comprehensive
solution.

This approach offers a pragmatic solution to wireless security and can resolve the single largest barrier to
WLAN deployment for IT managers. A cost-effective solution using 802.1X security can be deployed to deny
access to any user without the proper credentials, and provide strong security for wireless networks.

Five Rules for WLAN Security
1. Activate Physical Layer Security. While WEP has its weaknesses, TKIP, specified as part of WPA,
provides a base level of security. When combined with 802.1X (see rule 3) it provides a very strong level of
security.
2. Don’t Broadcast or Use Default SSIDs. By changing the default SSID and configuring the access point
not to broadcast the SSID, the most common sniffing tools can be rendered useless.
3. Use 802.1X User Authentication. When access points are configured to support 802.1X, users are not
allowed on the network without proper credentials (user name/password or certificates). Once
authenticated, the client and access point are provided with unique, random session keys to encrypt the
data transfers.
4. Implement Personal Firewalls. Even if a hacker is able to associate with an access point, the personal
firewall will prevent them from accessing files on a user device on the same WLAN.
5. Use VPNs Where Triple DES Encryption is Required. Specific environments like government and
financial industries require 3DES security for all network transmissions. In these environments, VPNs
should be used on top of 802.1X security.
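
One way to check an access point's settings against rules 1 to 3 above. This is an added example, not part of the original white paper. It assumes the access point is configured with a hostapd.conf-style key=value file, and the two sample configurations, the SSIDs and the RADIUS address are constructed for illustration.

```python
# Added example: audit hostapd.conf-style settings against rules 1-3.
# Assumption: the AP uses hostapd's key=value configuration format.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}  # illustrative only

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (rule_number, finding) tuples for every violated rule."""
    conf, findings = parse_conf(text), []
    # Rule 1: WPA (TKIP) must be enabled; WEP-only or open fails.
    if int(conf.get("wpa", "0")) == 0:
        kind = "WEP only" if "wep_key0" in conf else "open network"
        findings.append((1, "WPA disabled (%s)" % kind))
    # Rule 2: no default SSID, no SSID broadcast.
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append((2, "default SSID in use"))
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append((2, "SSID is broadcast in beacons"))
    # Rule 3: 802.1X with per-user credentials, backed by an EAP server.
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    if conf.get("ieee8021x", "0") != "1" or "WPA-EAP" not in key_mgmt:
        findings.append((3, "802.1X (WPA-EAP) authentication not enabled"))
    elif not conf.get("auth_server_addr") and conf.get("eap_server", "0") != "1":
        findings.append((3, "802.1X enabled but no authentication server set"))
    return findings

# Constructed sample: WEP, vendor-default SSID, broadcast on, no 802.1X.
WEAK = "interface=wlan0\nssid=linksys\nwep_default_key=0\nwep_key0=123456789a\n"

# Constructed sample: WPA/TKIP, hidden non-default SSID, 802.1X via RADIUS.
HARDENED = """interface=wlan0
ssid=corp-wlan-7f
ignore_broadcast_ssid=1
wpa=1
wpa_pairwise=TKIP
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_ME
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample))
```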