 WISDOM Advanced Security Measures
WISDOM Advanced Security is designed for high-level security
WLANs in a converged network that are subject to regulations or legal security
requirements such as the Health Insurance Portability and
Accountability Act (HIPAA) of 1996 (U.S. Department of ... [full story]
|
 WISDOM Intermediate Security Measures
WISDOM Intermediate Security is designed for WLANs in a
converged network that contains proprietary or very sensitive data. WISDOM
Intermediate Security also requires that the WLAN security management
considerations and those required for WISDOM Basic Security described ... [full story]
|
 WISDOM Basic Security Measures
WISDOM Basic Security is defined as the minimum security
requirements for WLANs attached to a converged network. WISDOM Basic Security
also requires that the WLAN security management considerations described earlier
be implemented as part of its layered ... [full story]
|
 Applying WISDOM to WLAN Security
WISDOM, as proposed by James F. Ransome in his doctoral
dissertation [1], provides three tiered security options with proper
hardware, software, and security requirements to secure a WLAN at a
corresponding security level equivalent to the ... [full story]
|
 WLAN Security Management Considerations
Managing and maintaining a secure wireless network (and associated
devices) requires significant effort, resources, and vigilance and involves the
following steps: (1) maintaining a full understanding of the topology of the
wireless network, (2) labeling and keeping ... [full story]
|
 Costs of Securing WLANs
What are the costs associated with securing wireless
networks? Compare the cost of the solution(s) against the assets the
organization is trying to protect. Are security costs worth the investment,
considering the risks, in implementing a WLAN? ... [full story]
|
 Risk Assessments Revisited
It is not useful to secure a WLAN if the data is not worth
protecting. The two primary types of assets to protect on a WLAN are sensitive
data and network services:
Sensitive data. Sensitive can mean
different things ... [full story]
|
 WISDOM for WLAN Practitioners
We have identified the 802.11 WLAN as the most vulnerable and
critical node in wireless converged network security. WLANs can easily be
reconfigured, are very mobile, allow for potentially continuous exposure, and
require the level of security ... [full story]
|
 802.11i and WiFi Protected Access
The IEEE 802.11i standard [22] for WLAN security is still in
draft format as of this writing, but wireless vendors have released key
components under the name Wireless-Fidelity, or WiFi, Protected Access (WPA).
Some features of ... [full story]
|
 Multifactor Authentication
Multifactor authentication solutions use more than one
credential criteria to authenticate a user. The three different types of
authentication criteria that can be combined to create a multifactor solution
are
Something you know (usernames/passwords)
Something you have (token, SecurID, SmartCard)
Something you ... [full story]
|
 LDAP
LDAP is a directory service based on the X.500 Directory
Services model that performs operations management functions, acting as a
storehouse of information for applications and as a central part of modern OS
services. LDAP is both an information repository ... [full story]
|
 RADIUS
RADIUS is a widely deployed protocol for network access AAA.
Although there are many issues with RADIUS, including issues with security and
transport, it will more than likely remain widely used for years to come because
it is simple, efficient, ... [full story]
|
 Kerberos
The Kerberos protocol was first developed by engineers at
the Massachusetts Institute of Technology (MIT) in the late 1980s as part of
MIT's project Athena [3]. Kerberos is a security system that provides
authentication and message protection and is appropriately ... [full story]
|
 Using Kerberos, RADIUS, and LDAP for WLAN Authentication
While wireless networking applications benefit from location
independence and freedom of mobility, they all have the same security challenge—
authentication. When considering a security implementation, authentication is a
key component of any security ... [full story]
|
 Baselining
Baselining is a procedure where data is collected to measure
the performance of selected network segments over a period of time, typically
several hours to several days. These data are used as a historical benchmark
against which suspicious or anomalous ... [full story]
|
 Using DHCP Services for Authentication
The Dynamic Host Configuration Protocol (DHCP) provides a
framework for passing configuration information to hosts on a TCP/IP network,
handling the authentication of users, and assigning unique IP addresses to incoming network access requests. Network
administration ... [full story]
|
 Security Advantages of Thin Clients in a Wireless Environment
Thin clients operate as a hybrid instance of a mainframe terminal
using the client/server model, where the client is running on a local operating
system and all processing is done on the ... [full story]
|
 Intrusion Detection Systems
Intrusion Detection Systems (IDSs) have been a critical
security component of wired networks for a number of years now. They are
beginning to appear in the wireless security software marketplace and have been
specifically designed with the discrete ... [full story]
|
 Additional WLAN Security Solutions
This chapter deals with topics crucial to WLAN security that
deserve special attention. Each has a useful and unique approach to WLAN
security and merits coverage in this text. The subjects in this chapter are
unrelated to ... [full story]
|
 Subnet Roaming
Unfortunately, mobile users often experience broken network
sessions as they transit (roam) subnet boundaries. One way to solve this problem
is with the use of a vendor subnet-roaming solution that provides session and network layer address persistence. Most EWG ... [full story]
|
 Other WLAN Security Issues
10.5.1 Rate Limitation
Because 802.11 WLANs use a half-duplex medium, the maximum
throughput of 802.11b access points is approximately 5 Mbps. This is shared
between simultaneous users on each access point. Administrators may want to
limit or control ... [full story]
|
 Techniques
In this section, the techniques of network segmentation,
redundancy, NAT / Network Address Port Translation (NAPT) and RBAC are discussed
in relation to their ability to enhance the security of WLANs. Network
segmentation and redundancy are presented from the viewpoint ... [full story]
|
 Segmentation Devices
WLANs pose a unique problem because they do not have
physical barriers and data is broadcast in the air. In general, a WLAN is more
vulnerable to compromise and is less secure than a wired network. This requires
wireless ... [full story]
|
 Enhancing WLAN Security
In this section, segmentation devices and other techniques
that can be used to enhance WLAN security are described. Segmentation devices
are security devices that are used when implementing a demarcation between wired
and wireless networks to mitigate the ... [full story]
|
 Tools and Technologies to Enhance VPN Security
In this section, the tools and technologies used to enhance
VPN security in a WLAN are described. Such tools include secure shells, port
forwarding, secure file transfer, public key authentication, and Mobile IP. The ... [full story]
|
 VPN Types
Although there are many types of VPNs (including remote
access, extranets, branch offices, SOHO, and wireless), there are only two types
of connections: remote access and router-to-router. This section provides an
overview of how VPN technology is used with ... [full story]
|
 VPNs in a WLAN Environment
As the Internet has increased in popularity, its use as a
public medium for transporting data between private networks has also increased.
Correspondingly, the inherent security risks of transited data over the Internet
have also increased. ... [full story]
|
 EAP Authentication Types
Several different EAP protocol types are used with WLANs
today. Some are complicated to deploy, some are more secure than others, and
some are not considered secure. The differences between the types of EAP that
can be deployed ... [full story]
|
 EAP and its Variants
An understanding of Point-to-Point Protocol (PPP) is
required before you can understand EAP. PPP is used for dial-up connections to
the Internet and to establish a connection over a point-to-point link. Once a
link is established, PPP ... [full story]
|
 Using Dynamic WEP (802.1x and EAP) to Address Authentication and Encryption
Flaws in 802.11
802.11 unauthenticated, cleartext management, and control
frames mitigate the basic security flaws that have resulted in numerous attack
scenarios targeted at WLANs. There are numerous authentication and ... [full story]
|
 When and How to Use TKIP and WEP
Many wireless security companies base their marketing
strategy on the vulnerabilities of WEP. Even if the hacker is on a fully used
wireless network using WEP cracking tools such as WEPcrack [3] or ... [full story]
|
 How TKIP Addresses the Weaknesses in WEP
TKIP is a set of modifications the IEEE 802.11i task group
created as a measure to augment security issues found in the existing WEP
algorithm. WEP is susceptible to forgery, weak-key, collision, and replay ... [full story]
|