Page 256 - StudyBook.pdf

240    Chapter 4 • Communication Security: Wireless

                 Wireless clients can connect to APs using either open system or shared-key
             authentication. While shared-key authentication provides protection against some
             DoS attacks, it creates a significant vulnerability for the WEP keys in use on the
             network and should not be used.
                 MAC filtering is another defensive tactic that can be employed to protect
             wireless networks from unwanted intrusion. Only wireless stations that possess
             adapters with valid MAC addresses are allowed to communicate with the AP.
             However, MAC addresses can be easily spoofed and maintaining a list of valid
             MAC addresses may be impractical in a large environment.
                 A much better way of securing WLANs is to use 802.1x. 802.1x was originally
             developed to provide a method for port-based authentication on wired networks.
             However, it was found to have significant application in wireless networks. With
             802.1x authentication, a supplicant (a wireless workstation) needs to be
             authenticated by an authenticator (usually a RADIUS server) before access is granted to the
             network itself. The authentication process takes place over a logical uncontrolled
             port that is used only for the authentication process. If the authentication process is
             successful, access is granted to the network on the logical controlled port.
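
The controlled and uncontrolled port logic described above, as an added example that is not from the book: a Python model of one port pair in which only EAPOL frames (EtherType 0x888E) pass until an EAP-Success arrives. The class, function names and sample frames are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E  # EtherType of 802.1X (EAPOL) frames
EAPOL_LOGOFF = 2          # EAPOL packet type (0 = EAP-Packet, 1 = Start)
EAP_SUCCESS, EAP_FAILURE = 3, 4  # EAP codes (1 = Request, 2 = Response)

class Port8021x:
    """Hypothetical model of the logical port pair kept for one supplicant."""
    def __init__(self):
        self.authorized = False  # controlled port starts closed

    def from_supplicant(self, frame: bytes) -> str:
        """Decide what happens to a frame sent by the wireless station."""
        if len(frame) < 14:
            return "drop: runt frame"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == EAPOL_ETHERTYPE:
            if len(frame) < 18:
                return "drop: truncated EAPOL header"
            _version, pkt_type, _length = struct.unpack("!BBH", frame[14:18])
            if pkt_type == EAPOL_LOGOFF:
                self.authorized = False  # station logged off: close the port
            return "uncontrolled: authentication exchange only"
        if self.authorized:
            return "controlled: forward to network"
        return "drop: controlled port unauthorized"

    def from_auth_server(self, eap: bytes) -> None:
        """Apply the EAP result returned by the authentication server."""
        if len(eap) < 4:
            return  # a malformed result never opens the port
        code, _ident, length = struct.unpack("!BBH", eap[:4])
        if length != len(eap):
            return  # length field disagrees with the packet: ignore it
        if code == EAP_SUCCESS:
            self.authorized = True
        elif code == EAP_FAILURE:
            self.authorized = False

def make_frame(ethertype: int, payload: bytes) -> bytes:
    """Build a constructed Ethernet frame with placeholder MAC addresses."""
    dst, src = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + payload

# Constructed sample traffic: an IPv4 frame, EAPOL-Start and EAPOL-Logoff.
IP_FRAME = make_frame(0x0800, b"\x45" + bytes(19))
EAPOL_START = make_frame(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 1, 0))
EAPOL_LOGOFF_FRAME = make_frame(EAPOL_ETHERTYPE, struct.pack("!BBH", 1, 2, 0))
```
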
                 802.1x relies on EAP to perform authentication. The preferred EAP type for
             802.1x is EAP-TLS. EAP-TLS provides the ability to use dynamic per-user,
             session-based WEP keys, eliminating some of the more significant vulnerabilities
             associated with WEP. However, to use EAP-TLS, you must deploy a PKI to issue
             digital X.509 certificates to the wireless clients and the RADIUS server.
                 Other methods that can be used to secure wireless networks include placing
             wireless APs on their own subnets in WDMZs. The WDMZ can be protected from
             the corporate network by a firewall or router. Access to the corporate network can
             be limited to VPN connections that use either PPTP or L2TP.
                 New security measures continue to be developed for wireless networks. Future
             security measures include TKIP and MIC.


             Exam Objectives Fast Track


             Wireless Concepts


                   The most predominant wireless technologies consist of WAP and IEEE
                      802.11 WLAN.
                   WEP is the security method used in IEEE 802.11 WLANs and WTLS
                      provides security in WAP networks.



          www.syngress.com