Wireless network not validating

We recommend the following best practices: This lesson describes best practices for maintaining strong user authentication and data privacy on a WLAN.

wireless network not validating-37wireless network not validating-8wireless network not validating-38

In addition, PSKs are very difficult to administer on large networks because when the PSK is changed (e.g., when an employee leaves the company), every client on the network must be configured with the new PSK. This lesson describes methods to protect your network from attack and provides denial-of-service best practices.

Denial of service Any event that prevents authorized users from performing appropriate functions may be considered a denial-of-service (Do S) attack.

(Note that the IEEE is working on a proposal [802.11w] to strengthen management frame security.) Some security professionals recommend disabling the SSID broadcast in beacon frames and disabling the probe response frame for the broadcast SSID. The first action increases WLAN traffic because it forces all stations on the network to scan for a valid AP by periodically transmitting probe requests.

The second action forces a network administrator to manually configure the SSID on every station.

For example, "use Wi-Fi Protected Access 2 (WPA2) security" is a technology best practice, whereas "train employees not to connect to ad hoc WLANs" is a procedural best practice.

Network discovery Network intruders use a variety of methods to discover the existence of WLANs and their corresponding service set identifiers (SSIDs).Alternatively, identity-based authentication often leverages the IEEE 802.1X standard, Extensible Authentication Protocol (EAP), and Remote Authentication Dial-In User Service (RADIUS).Alternatively, some enterprises may deploy a VPN over the WLAN using technology such as IPsec or SSL.Some enterprises authenticate users by validating their media access control (MAC) address.However, it is easy for an intruder to copy MAC addresses from valid frames and then change the MAC address on the intruder laptop to match a valid MAC address.This E-Guide defines best practice as a methodology that is commonly used, cost effective, and applicable to virtually all enterprises.

Tags: , ,