|
|
Programming Help |
Homework Help |
Counseling Astrology Advice | Tarot Advice | Parenting Dating Advice | Love Advice | Divorce Advice Legal Advice | Debt Advice | Career Advice W IRELESS N ETWORK S ECURITY 3-24 It is important to consider the range of the AP when deciding where to place an AP in a WLAN environment. If the range extends beyond the physical boundaries of the office building walls, the extension creates a security vulnerability. An individual outside of the building, perhaps "war driving," could eavesdrop on network communications by using a wireless device that picks up the RF emanations. A similar consideration applies to the implementation of building-to-building bridges. Ideally, the APs should be placed strategically within a building so that the range does not exceed the physical perimeter of the building and allow unauthorized personnel to eavesdrop near the perimeter. Agencies should use site survey tools (see next paragraph) to measure the range of AP devices, both inside and outside of the building where the wireless network is located. In addition, agencies should use wireless security assessment tools (e.g., vulnerability assessment) and regularly conduct scheduled security audits. Site survey tools are available to measure and secure AP coverage. The tools, which some vendors include with their products, measure the received signal strength from the APs. These measurements can be used to map out the coverage area. However, security administrators should use caution when interpreting the results because each vendor interprets the received signal strength differently. Some AP vendors also have special features that allow control of power levels and therefore the range of the AP. This is useful if the required coverage range is not broad because, for example, the building or room in which access to the wireless network is needed happens to be small. Controlling the coverage range for this smaller building or room may help prevent the wireless signals from extending beyond the intended coverage area. Agencies could additionally use directional antennas to control emanations. However, directional antennas do not protect network links; they merely help control coverage range by limiting signal dispersion. Although mapping the coverage area may yield some advantage relative to security, it should not be seen as an absolute solution. There is always the possibility that an individual might use a high-gain antenna to eavesdrop on the wireless network traffic. It should be recognized that only through the use of strong cryptographic means can a user gain any assurance against true eavesdropping adversaries. The following paragraphs discuss how cryptography (Internet Protocol Security [IPsec] and VPNs) can be used to thwart many attacks. 3.5.3 Technical Countermeasures Technical countermeasures involve the use of hardware and software solutions to help secure the wireless environment. 20 Software countermeasures include proper AP configurations (i.e., the operational and security settings on an AP), software patches and upgrades, authentication, intrusion detection systems (IDS), and encryption. Hardware solutions include smart cards, VPNs, public key infrastructure (PKI), and biometrics. 21 It should be noted that hardware solutions, which generally have software components, are listed simply as hardware solutions. 3.5.3.1 Software Solutions Technical countermeasures involving software include properly configuring access points, regularly updating software, implementing authentication and IDS solutions, performing security audits, and adopting effective encryption. These are described in the paragraphs below. 20 The classification of a countermeasure into one of the two categories is, in some instances, arbitrary, since the two may actually overlap. 21 It should be noted that the software and hardware countermeasures identified in this document could arguably fit into either category. |
Find more freelance jobs
|
