In Lesson 3 of Wireless Security Lunchtime Learning, you'll learn the pros and cons of the various wireless access protocols so that you can choose the best method to control, authenticate and authorize access to your WLAN.
Webcast:Who goes there?: Securing wireless access
Length: 25 minutes
Wireless encryption is essential, but addresses only part of the security problem. Security measures are also needed to permit or deny WLAN access, authenticate stations and users, and determine the destinations and applications that each is authorized to reach. This webcast describes readily-available alternatives, from MAC ACLs and captive portals to Preshared Secret Keys and 802.1X Port Access Control.
Tip:Controlling WLAN access on a tight budget
802.1X/EAP can provide robust, granular WLAN access control and authentication, but can your organization afford the "WPA-Enterprise" approach? This tip recommends alternatives for companies that are concerned about securing WLAN access, yet faced with limited IT staff and budget. Whether the answer is outsource, open source or make the best of "WPA-Personal," this tip will help you understand associated costs and consequences.
Tip:Choosing the right flavor of 802.1X
802.1X Port Access Control provides an extensible framework for authenticating and authorizing WLAN usage. But 802.1X is merely an envelope that carries some type of Extensible Authentication Protocol (EAP). More than 50 EAP Types have already been defined; how do you know which one(s) to use? This tabular tip provides a direct comparison of the most popular EAP Types used with 802.1X today, the authentication methods supported by each, known vulnerabilities associated with them and suitable usage environments.
Tip:Combining 802.1X and VLANs for WLAN authorization
Many WLAN owners know that 802.1X/EAP makes it possible to authenticate individual wireless users. But did you know that 802.1X can also be used to funnel wireless traffic onto VLANs, enforcing user or group-based permissions? This tip explains how to use RADIUS attributes returned by 802.1X to supply VLAN tags, establishing that critical link between authentication and authorization.
Tip:Defeating Evil Twin attacks
Evil Twin attacks -- also known as AP phishing, honeypot APs or hotspotters -- pose a clear and present danger to wireless users in public and private WLANs. This tip describes several steps that your company can take to defend employees against this poorly-understood attack. Learn why SSL or SSH may not be enough to protect your users, and how 802.1X mutual authentication can help defeat these phony APs.
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Lisa has been involved in the design, implementation and evaluation of data communications, internetworking, security and network management products for over 20 years. At Core Competence, she has advised large and small companies regarding security needs, product assessment and the use of emerging technologies and best practices. Before joining Core Competence, Lisa was a Member of Technical Staff at Bell Communications Research where she won a president's award for her work on ATM Network Management.
Lisa teaches about wireless LANs, mobile security and virtual private networking at many industry conferences and on-line webinars. Lisa's WLAN Advisor and Wireless-To-Go columns are published by SearchNetworking.com and SearchMobileComputing.com where she is a site expert on wireless LANs. She also has written extensively about network infrastructure and security technologies for numerous publications including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security and SearchSecurity.com.
Value-added resellers and service providers interested in reselling Aruba networking hardware and software can learn the benefits of becoming an Aruba Networks partner with this standardized checklist. Compare Aruba's reseller partner program with other vendors' offering similar products.