Third-Party Security Methods
While the previously discussed security measures help to lock down a WLAN, they are not enough for security-conscious environments where privacy is paramount. For situations like this, additional hardware and/or software can be implemented via third-party products. By integrating these products with existing technologies, your WLAN can become practically impenetrable.
Firewalls
If you read the last segment about using a DMZ to indirectly secure the WLAN, you will understand the importance of using a firewall. In short, a WLAN should be considered insecure and part of the public Internet. Thus, if you design your wireless network with this in mind, you should use a firewall to separate the wireless users from the internal users.
A firewall can do much to eliminate security threats. Depending on how it is set up and what types of policies are used, a firewall can effectively block all incoming requests that are not authorized. This creates a physical barrier to crackers who might have control over the wireless network and are trying to breach the internal network.
When it comes to selecting a firewall for the wireless part of your LAN, the best option is to use a dedicated hardware firewall, or simply to use one of the main firewalls protecting your existing Internet connection. Because the access point should exist off a DMZ, it can simply be connected to the DMZ port on any larger firewall appliance.
With this in mind, it is important to correctly set up security policies on the firewall. One of the most common problems with complex equipment is the increased chance of misconfiguration. We suggest using a dedicated firewall because you can configure it to block everything and then slowly relax these settings. Although this is possible with the main corporate Internet firewall, it is the less attractive option. In addition, a wireless network user base will probably be much smaller, which allows an administrator to manage the policies and settings that control those users more closely.
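The "block everything, then relax" approach and the misconfiguration risk described above can be checked mechanically. The following sketch is an added example, not taken from any firewall product: the subnets, the rule format and the `decide`/`audit` helpers are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (assumption): wireless DMZ segment and internal LAN.
WLAN = ipaddress.ip_network("192.168.50.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]            # None means any port (protocol omitted for brevity)
    note: str = ""

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; if nothing matches, the packet is denied."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "deny"                  # the "block everything" baseline

def audit(rules):
    """Flag allow rules that open the internal LAN to wireless users too broadly."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if not (r.src.overlaps(WLAN) and r.dst.overlaps(INTERNAL)):
            continue
        if r.port is None:
            findings.append((i, "any port from WLAN to internal"))
        if r.dst.num_addresses > 1:
            findings.append((i, "destination is a whole network, not one host"))
    return findings

# Constructed policy: starts from deny-all, relaxed one service at a time.
POLICY = [
    Rule("allow", WLAN, ipaddress.ip_network("10.0.0.10/32"), 443, "intranet web"),
    Rule("allow", WLAN, ipaddress.ip_network("10.0.0.53/32"), 53, "DNS"),
]
# Constructed misconfiguration: a broad rule added while troubleshooting.
SLOPPY = POLICY + [Rule("allow", ANY, INTERNAL, None, "temporary")]

if __name__ == "__main__":
    print(decide(POLICY, "192.168.50.20", "10.0.0.10", 22))
    print(audit(SLOPPY))
```

Running the audit after every policy change keeps each relaxation narrow: one host and one port per rule, with everything else still falling through to the implicit deny.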