This chapter will build on the foundations set in previous chapters with a focus on wireless network implementation. The convenience of wireless networking is a benefit used by most enterprise users to increase productivity and gain mobility. The ability to connect to the network over wireless signals poses security challenges and can be the source of network compromise if not implemented correctly. Threats to wireless network security continue to increase; it is imperative to consider the current methods of wireless exploitation and plan for future vulnerability discovery. To ensure minimal risk introduction through wireless network implementation, configuration considerations must be assessed and the wired network protected from inevitable wireless network attacks. Additional resources for implementing secure wireless networks are provided in Appendix C, Security Tools List.
This chapter will cover:
- Securing wireless networks
- Wireless network authentication
- Wireless network encryption
- Wireless client security
- Network segmentation
- Wireless intrusion prevention
The nature of wireless networks extending access to the internal network beyond the physical boundaries of the enterprise introduces complexities in properly securing access. In the standard internal network implementation, physical access is required to cable into the network in order to gain access to enterprise resources; to date this has been the method of ensuring trust for hosts connecting. Though this is not well-evaluated logic, the same rationale has been generally applied to wireless networks. Because wireless networks allow a level of anonymity for connecting hosts, a degree of trust must be established for connecting hosts and the infrastructure providing the wireless access.
In order to provide security through obscurity, methods such as hidden SSIDs and MAC address filtering have been employed to keep the wireless network invisible to eavesdroppers and more difficult to connect to for an unknown host. Unfortunately, these methods fail due to the very nature of how wireless works. When a host is configured for a wireless network it will send a beacon frame out looking for an access point serving the network. This design eases the connectivity process for users, but can allow an attacker to learn of a network that is cloaked by not broadcasting the SSID. Additionally, simple wireless network traffic sniffing can provide the information needed to circumvent MAC address filters by observing connected hosts for their MAC addresses. The MAC address of a valid host can be spoofed with little effort rendering the filtering ineffective. Knowing the SSID and having a valid MAC address does not necessarily gain an attacker access to the wireless network, but it does provide information that can be used to launch an attack. The attack can be directly against the wireless network or generation of a fake access point to harvest credentials from unsuspecting wireless clients. Either scenario is not ideal for an enterprise responsible for protecting internal resources. Before implementing a wireless network, it is important to determine the best method to reduce risk by implementing authentication and encryption methods that secure the wireless network regardless of whether the network is advertised and client MAC addresses are visible. Methods to secure wireless networks involve a layered approach that addresses each tier of wireless network communications. Not only is the security configuration of utmost importance, but so is the physical protection of the wireless infrastructure, much like any other network devices that provide physical connectivity to the enterprise network.