Chapter 15. Putting It All Together

Pieces of a Coherent System

Throughout the book, we have examined wireless security one step at a time, moving from clients all the way through to gateways. The security responsibilities of each of these parts translate into the security of the whole. To recap, let's walk through each of the pieces and list the security role it plays.

The client machines must protect themselves from other machines on the network. They must also properly communicate with the access point and the gateway to ensure security. If WEP is being used, the client needs to have the correct keys. If IPsec or 802.1x is being used, the client must support the protocol and be configured properly.

Further up the chain is the access point. Many access points have security issues in their firmware, allowing attacks against their SNMP servers or administration consoles. The services provided by these access points should be minimized, and desired security features, such as WEP, should be enabled. If the access point is a HostAP system, the computer must also be locked down following standard procedures for securing a server.

The gateway provides separation between the wireless network, any local wired networks, and the Internet. It treats the wireless network and the Internet as untrusted sources of traffic, shielding the wired network from them. It also provides services to computers on the wireless network such as NAT, DHCP, and DNS. IPsec tunnels from wireless clients are terminated at the gateway, and it may act as a captive portal or 802.1x authentication server.

Each of these pieces is vital to the security of the network. Remember that if any one of them fails, it can lead to a compromise of the network. With multiple layers of host security, authentication, and encryption, however, many layers of protection are in place. Each of these layers must be breached for an attacker to gain further access, and the layers serve to limit compromises. Defense in depth is a solid security practice, and we hope that this book will help you to implement your system with a layered set of defenses.
