WIRELESS NETWORK SECURITY

devices on the wired network. Agencies that want to expand network functionality by adding a wireless capability should examine the existing IDS architecture and consider additional solutions to address the above-mentioned risks. Agencies should consider implementing a wireless IDS solution that provides the following capabilities:

- Identification of the physical location of wireless devices within the building and surrounding grounds
- Detection of unauthorized peer-to-peer communications within the wireless network that are not visible to the wired network
- Analysis of wireless communications and monitoring of the 802.11 RF space and generation of an alarm upon detection of unauthorized configuration changes to wireless devices that violate security policy
- Detection of and alarming for when a rogue access point goes live within the agency's security perimeter
- Detection of flooding and deassociation attempts before they successfully compromise the wireless network
- Provision of centralized monitoring and management features with potential for integration into existing IDS monitoring and reporting software to produce a consolidated view of wireless and wired network security status.

Agencies that require high levels of security should consider deploying an IDS because it provides an added layer of security. Agencies that currently employ IDSs should consider the addition of the capabilities above to supplement their existing capabilities. The deployment of IDS obviously comes at a cost and should be considered if financially feasible. In addition to the cost of the system itself, an IDS requires experienced personnel to monitor and react to IDS events and to provide general administration to the IDS database and components.
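Several of the checks listed above, as an added example that is not part of the original guidance or of any IDS product: it flags rogue APs, ad hoc peer-to-peer beacons, policy-violating configuration changes on approved APs, and disassociation ("deassociation" in the text) floods. The record fields, the AP inventory, the thresholds and every MAC address are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed inventory of approved APs: BSSID -> (SSID, encryption required).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("AGENCY-WLAN", True),
    "00:11:22:33:44:02": ("AGENCY-WLAN", True),
}
FLOOD_THRESHOLD = 5   # disassociation frames from one transmitter ... (assumed policy)
FLOOD_WINDOW = 10.0   # ... within this many seconds (assumed policy)

def analyze(frames):
    """Return sorted (alert_type, mac) pairs for sensor frame records."""
    alerts = set()
    recent = defaultdict(deque)  # transmitter MAC -> recent disassoc timestamps
    for f in sorted(frames, key=lambda f: f["ts"]):
        src = f["src"]
        if f["type"] == "beacon":
            if f.get("ibss"):
                # Ad hoc beacon: peer-to-peer traffic the wired IDS never sees.
                alerts.add(("adhoc_peer_to_peer", src))
            elif src not in AUTHORIZED_APS:
                alerts.add(("rogue_ap", src))
            elif (f["ssid"], f["privacy"]) != AUTHORIZED_APS[src]:
                # Approved AP no longer matches policy, e.g. encryption set to none.
                alerts.add(("config_change", src))
        elif f["type"] == "disassoc":
            window = recent[src]
            window.append(f["ts"])
            while f["ts"] - window[0] > FLOOD_WINDOW:
                window.popleft()
            if len(window) >= FLOOD_THRESHOLD:
                alerts.add(("disassoc_flood", src))
    return sorted(alerts)

def beacon(ts, src, ssid, privacy, ibss=False):
    return {"ts": ts, "type": "beacon", "src": src, "ssid": ssid,
            "privacy": privacy, "ibss": ibss}

# Constructed sensor records (not captured traffic).
SAMPLE_FRAMES = [
    beacon(0.0, "00:11:22:33:44:01", "AGENCY-WLAN", True),    # compliant AP
    beacon(1.0, "00:11:22:33:44:02", "AGENCY-WLAN", False),   # encryption disabled
    beacon(2.0, "02:aa:bb:cc:dd:01", "AGENCY-WLAN", True),    # unknown BSSID
    beacon(3.0, "02:aa:bb:cc:dd:02", "laptop", False, ibss=True),
    {"ts": 5.0, "type": "disassoc", "src": "00:11:22:33:44:aa"},  # one normal leave
] + [{"ts": 20.0 + i, "type": "disassoc", "src": "02:aa:bb:cc:dd:03"} for i in range(6)]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES):
        print(alert)
```

Transmitter addresses in management frames can be forged, so an alert's MAC identifies what the sensor saw, not necessarily the device responsible.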
Agencies should also consider using a correlation engine, which receives standard real-time security events from a variety of sensors, such as IDS, firewall, and virus systems. Correlation engines combine and analyze a wide variety of threats in real time. These threats can include several classes of attacks, such as Distributed Denial of Service (DDoS) attacks.

3.5.3.1.6 Encryption

As mentioned earlier, APs generally have only three encryption settings available: none, 40-bit shared key, and 104-bit setting. The setting of none represents the most serious risk since unencrypted data traversing the network can easily be intercepted, read, and altered. A 40-bit shared key will encrypt the network communications data, but there is still a risk of compromise.[29] The 40-bit encryption has been broken by brute force cryptanalysis using a high-end graphics computer and even low-end computers; consequently, it is of questionable value.[30] In general, 104-bit encryption is more secure than 40-bit encryption because of the significant difference in the size of the cryptographic keyspace. Although this is not true for 802.11 WEP because of poor cryptographic design using IVs, it is recommended nonetheless as a good practice. Again, users of 802.11 APs and wireless clients should be vigilant about checking with the vendor regarding upgrades to firmware and software, as they may overcome some of the WEP problems.

[29] This is also a threat for 128-bit encryption but just harder to break.
[30] See Basgall, M., "Experimental Break-Ins Reveal Vulnerability in Internet, Unix Computer Security," (January 1999) at http://www.dukenews.duke.edu/research/encrypt.html.