|
In Lesson 3 of Wireless Security Lunchtime Learning, you'll learn the pros and cons of the various wireless access protocols so that you can choose the best method to control, authenticate and authorize access to your WLAN.
|
MAIN MENU |
|
Wireless Security Lunchtime Learning Home Lesson 1: How to counter wireless threats and vulnerabilities Lesson 2: How to build a secure wireless infrastructure Lesson 3: How to implement secure access Lesson 4: How to use wireless IDS/IPS |
Webcast: Who goes there?: Securing wireless access
Length: 25 minutes
Wireless encryption is essential, but addresses only part of the security problem. Security measures are also needed to permit or deny WLAN access, authenticate stations and users, and determine the destinations and applications that each is authorized to reach. This webcast describes readily-available alternatives, from MAC ACLs and captive portals to Preshared Secret Keys and 802.1X Port Access Control.
Tip: Controlling WLAN access on a tight budget
802.1X/EAP can provide robust, granular WLAN access control and authentication, but can your organization afford the "WPA-Enterprise" approach? This tip recommends alternatives for companies that are concerned about securing WLAN access, yet faced with limited IT staff and budget. Whether the answer is outsource, open source or make the best of "WPA-Personal," this tip will help you understand associated costs and consequences.
Tip: Choosing the right flavor of 802.1X
802.1X Port Access Control provides an extensible framework for authenticating and authorizing WLAN usage. But 802.1X is merely an envelope that carries some type of Extensible Authentication Protocol (EAP). More than 50 EAP Types have already been defined; how do you know which one(s) to use? This tabular tip provides a direct comparison of the most popular EAP Types used with 802.1X today, the authentication methods supported by each, known vulnerabilities associated with them and suitable usage environments.
Tip: Combining 802.1X and VLANs for WLAN authorization
Many WLAN owners know that 802.1X/EAP makes it possible to authenticate individual wireless users. But did you know that 802.1X can also be used to funnel wireless traffic onto VLANs, enforcing user or group-based permissions? This tip explains how to use RADIUS attributes returned by 802.1X to supply VLAN tags, establishing that critical link between authentication and authorization.
Tip: Defeating Evil Twin attacks
Evil Twin attacks -- also known as AP phishing, honeypot APs or hotspotters -- pose a clear and present danger to wireless users in public and private WLANs. This tip describes several steps that your company can take to defend employees against this poorly-understood attack. Learn why SSL or SSH may not be enough to protect your users, and how 802.1X mutual authentication can help defeat these phony APs.
Quiz
Put your new knowledge of wireless access to the test.
| About the Instructor |
 |
|
|
|
Lisa teaches about wireless LANs, mobile security and virtual private networking at many industry conferences and on-line webinars. Lisa's WLAN Advisor and Wireless-To-Go columns are published by SearchNetworking.com and SearchMobileComputing.com where she is a site expert on wireless LANs. She also has written extensively about network infrastructure and security technologies for numerous publications including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security and SearchSecurity.com.
This was first published in April 2006