Wireless communication poses formidable challenges for the security professional. Many wireless manufacturers design their devices for easy set up and use, often at the expense of sound security practices. Many wireless devices default to little or no security. A security professional must take extra precautions to protect sensitive data transmitted over wireless devices.
Two protocols that have been implemented to provide security for wireless communication are:
- Wired Equivalent Privacy (WEP) implements the 802.11 specification for wireless network connections.
- Wireless Application Protocol (WAP) is used with mobile devices such as PDA's and smart phones.
Countermeasures for wireless communications are:
- First and foremost, treat a wireless network as though it were a publicly accessible network. Don't assume that the traffic on that network is private and secure.
- Put the access points in separate virtual LANs and implement some type of intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access.
- Encrypt all data transmitted through your access point.
- Set the access point to accept only Media Access Control (MAC) addresses.
- Use firewalls on each network access point.
- Avoid storing sensitive data on wireless machines whenever possible. Encrypt sensitive data that must be stored on the machine.
- Install security updates as soon as they are available.
- Install antivirus software on the wireless computer.
- Require that users connect to the wireless access point with a network cable when sending sensitive data.
- Disable the broadcasting of the SSID from all access points.
- Implement EAP-TLS to use different keys for encryption and broadcast traffic.
- Set the WEP broadcast traffic key to be renegotiated at a certain interval.
- Set up a RADIUS server and a certificate authority. The RADIUS server authenticates the user back against your network directory service.
No comments:
Post a Comment