WIRELESS NETWORK SECURITY 3-29

and finalize the full 802.11i Robust Security Network (RSN), an amendment to the existing wireless LAN standard. RSN, to be available in the 4th quarter of 2003, will also include the Advanced Encryption Standard (AES) for confidentiality and integrity. The RSN solution will require hardware replacements. For additional information, refer to Section 3.6.

3.5.3.1.3 Authentication

In general, effective authentication solutions are a reliable way of permitting only authorized users to access a network. Authentication solutions include the use of usernames and passwords; smart cards, biometrics, or PKI; or a combination of solutions (e.g., smart cards with PKI).[27] When relying on usernames and passwords for authentication, it is important to have policies specifying minimum password length, required password characters, and password expiration. Smart cards, biometrics, and PKI have their own individual requirements and will be addressed in greater detail later in this document.

All agencies should implement a strong password policy, regardless of the security level of their operations. Strong passwords are simply a fundamental measure in any environment. Agencies should also consider other types of authentication mechanisms (e.g., smart cards with PKI) if their security levels warrant additional authentication. These mechanisms may be integrated into a WLAN solution to enhance the security of the system. However, users should be careful to fully understand the security provided by enhanced authentication. Enhanced authentication does not in and of itself solve all problems. For example, a strong password scheme used for accessing parameters on a NIC card does nothing to address the problems with WEP cryptography.

3.5.3.1.4 Personal Firewalls

Resources on public wireless networks have a higher risk of attack since they generally do not have the same degree of protection as internal resources. Personal firewalls offer some protection against certain attacks.[28] Personal firewalls are software-based solutions that reside on a client's machine and are either client-managed or centrally managed. Client-managed versions are best suited to low-end users because individual users are able to configure the firewall themselves and may not follow any specific security guidelines. Centrally managed solutions provide a greater degree of protection because IT departments configure and remotely manage them. Centrally managed solutions allow organizations to modify client firewalls to protect against known vulnerabilities and to maintain a consistent security policy for all remote users. Some of these high-end products also have VPN and audit capabilities.

Although personal firewalls offer some measure of protection, they do not protect against advanced forms of attack. Depending on the security requirement, agencies may still need additional layers of protection. Users that access public wireless networks in airports or conference centers, for example, should use a personal firewall. Personal firewalls also provide additional protection against rogue access points that can be easily installed in public places.

3.5.3.1.5 Intrusion Detection System (IDS)

An intrusion detection system (IDS) is an effective tool for determining whether unauthorized users are attempting to access, have already accessed, or have compromised the network. IDS for WLANs can be host-based, network-based, or hybrid, the hybrid combining features of host- and network-based IDS. A host-based IDS adds a targeted layer of security to particularly vulnerable or essential systems.
A host-based agent is installed on an individual system (for example, a database server) and monitors audit trails

[27] See Federal Information Processing Standards Publication 196, Entity Authentication Using Public Key Cryptography, at http://csrc.nist.gov/publications/fips/index.html.
[28] See case study on the use of firewalls on laptops for telecommuters at http://www.techrepublic.com/article.jhtml?id=r00520010328law01.htm.