Monday, June 06, 2005

Wi-Fi security: Leverage what you know


NETWORK WORLD NEWSLETTER: JOANIE WEXLER ON WIRELESS IN THE
ENTERPRISE
06/06/05
Today's focus: Wi-Fi security: Leverage what you know

Dear networking.world@gmail.com,

In this issue:

* Remember the 'big picture' in Wi-Fi security
* Links related to Wireless in the Enterprise
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Colubris Networks
MultiService WLANs Improve Price/Performance.

The next generation network in WLANs is all about service
mobility and access to business productivity applications
anytime, anywhere. Unified wired and wireless networks promise
to deliver multiservice applications and services for
unprecedented mobility, operational savings, price/performance
and security. For more on the Unified Services Network visit
http://www.fattail.com/redir/redirect.asp?CID=106094
_______________________________________________________________
Exclusive new event eliminates analysis-paralysis in the world
of anytime-anywhere broadband

Working in any of these key wireless spaces?--LAN * WAN * Mobile
Services * Subscriber Units * Remote Applications.  Wireless &
Mobility: Commanding Broadband Everywhere is the breakthrough
event and expo you've been waiting for.  Tools, tech, and
solutions.  Click for cities and dates, reg details and
qualifications that get you in free
http://www.fattail.com/redir/redirect.asp?CID=105756
_______________________________________________________________

Today's focus: Wi-Fi security: Leverage what you know

By Joanie Wexler

How do you know that you've covered all the bases when it comes
to wireless LAN security?

To finish up our short, basic series on getting started with
securing enterprise Wi-Fi networks, Lisa Phifer, vice president
at networking consultancy Core Competence, notes that it's easy
to get focused on selected technologies and lose sight of the
big picture.

"Certainly, 802.11 poses new challenges that require unique
solutions such as link-layer encryption and rogue access point
monitoring," says Phifer. "But many existing network security
practices also apply to wireless," she says. She advises to
leverage what you know about wired best practices for your
wireless network, too. For example, she says:

* Wireless APs and switches must be hardened against attack and
  compromise, just as we harden WAN-facing devices like access
  routers and perimeter firewalls. Subjecting your APs and
  switches to "regular" (wired) network and system vulnerability
  assessment scans can help you find (and subsequently fix) open
  ports, unpatched software, default accounts, weak passwords, lax
  access controls and out-of-policy configurations.

* Wireless stations of all types must also be protected. Most
  enterprises already have policy and procedures to secure
  Internet-connected laptops. These measures should be applied to
  wireless stations, not only at hot spots and homes, but even
  on-campus. In a WLAN, you can't assume that every other station
  is trusted. Desktop firewalls, integrity checkers,
  network-admission controls and centrally managed security
  policies can all be applied to wireless stations.

Some configuration details may differ - for example, you might
block file sharing over wireless in some cases but not others.
And some platforms, such as wireless printers and phones, might
prove challenging. But it makes good sense to leverage what you
already have when moving from (or between) wired and wireless
networks.

* Wireless intrusion detection and prevention (IDS/IPS) requires
  deep understanding of 802.11 (and often 802.1X) protocols,
  attack signatures, and expected/unexpected behavior, using
  wireless sensors (or APs) to monitor the air. However, that
  doesn't mean wireless IDS/IPS is an entirely new ballgame. If
  you have an existing wired network IDS/IPS, use it to watch for
  attacks that make their way from wireless onto your wired
  network. Re-use existing network management systems and log
  servers to monitor events on APs, switches and your wireless
  IDS/IPS itself. When possible, implement automated responses
  involving device reconfiguration through your network manager so
  that you'll have fewer points of configuration control and
  audit.

These are just a few examples. When deploying a new network
technology, it's essential to understand new risks and new
countermeasures. Just don't let all that's new distract you from
leveraging what you already have and know, Phifer advises.

RELATED EDITORIAL LINKS

Lisa Phifer's Wireless Corner
http://www.corecom.com/html/wlan.html

Basic tips on how to deploy Wi-Fi security
Network World, 05/23/05
http://www.networkworld.com/nlwir2384

Initial steps in securing your Wi-Fi net
Network World, 05/25/05
http://www.networkworld.com/nlwir2385

Securing 'strange' Wi-Fi devices
Network World, 05/18/05
http://www.networkworld.com/nlwir2216

Experts fear RFID strain on networks
Network World, 06/06/05
http://www.networkworld.com/news/2005/060605-reva.html?rl
_______________________________________________________________
To contact: Joanie Wexler

Joanie Wexler is an independent networking technology
writer/editor in California's Silicon Valley who has spent most
of her career analyzing trends and news in the computer
networking industry. She welcomes your comments on the articles
published in this newsletter, as well as your ideas for future
article topics. Reach her at <mailto:joanie@jwexler.com>.
_______________________________________________________________
This newsletter is sponsored by Colubris Networks
MultiService WLANs Improve Price/Performance.

The next generation network in WLANs is all about service
mobility and access to business productivity applications
anytime, anywhere. Unified wired and wireless networks promise
to deliver multiservice applications and services for
unprecedented mobility, operational savings, price/performance
and security. For more on the Unified Services Network visit
http://www.fattail.com/redir/redirect.asp?CID=106093
_______________________________________________________________
ARCHIVE LINKS

Archive of the Wireless in the Enterprise newsletter:
http://www.networkworld.com/newsletters/wireless/index.html

Wireless research center
Latest wireless news, analysis and resource links
http://www.networkworld.com/topics/wireless.html
_______________________________________________________________
Delivering web applications over the WAN: The new web tier

Experts discuss how to better manage and improve the performance
of web-based applications across the extended enterprise.
Webcast addresses the need for a new architecture tier that
focuses exclusively on this issue.
http://www.fattail.com/redir/redirect.asp?CID=105751
_______________________________________________________________
FEATURED READER RESOURCE
CALL FOR ENTRIES: 2005 ENTERPRISE ALL-STAR AWARDS

Network World is looking for entries for its inaugural
Enterprise All-Star Awards program. The Enterprise All-Star
Awards will honor user organizations that demonstrate
exceptional use of network technology to further business
objectives. Network World will honor dozens of user
organizations from a wide variety of industries, based on a
technology category. Deadline: July 8. Enter today:
<http://www.networkworld.com/survey/easform.html?net>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To unsubscribe from promotional e-mail go to:
<http://www.nwwsubscribe.com/Preferences.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: networking.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)